CVE-2024-57909

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns an information leak in the triggered buffer of the Linux kernel's iio light bh1745 component. The local struct 'scan' is used to send data to user space from a triggered buffer but does not initialize values for inactive channels, as it only uses iio for each active channel() to assign new values. This can lead to sending uninitialized information to user space. The struct should be initialized to zero before use to prevent this leak.

Recommendations To resolve the issue, initialize the 'scan' local struct to zero before using it to push data to user space. This ensures that no uninitialized information is sent to userspace. At the moment, there is no information about a newer version that contains a fix for this vulnerability.