PT-2025-3633 · Linux+7 · Linux Kernel+7
Javier Carrasco
·
Published
2024-12-07
·
Updated
2025-10-03
·
CVE-2024-57908
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The issue concerns an information leak in the triggered buffer of the Linux kernel's iio: imu: kmx61 module. The 'buffer' local array is used to push data to user space from a triggered buffer but does not set values for inactive channels, as it only uses
iio for each active channel() to assign new values. This can lead to pushing uninitialized information to userspace. The array needs to be initialized to zero before use to avoid this issue.Recommendations
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider initializing the
buffer array to zero before using it to avoid pushing uninitialized information to userspace.Exploit
Fix
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu