PT-2025-3636 · Linux+7 · Linux Kernel+7

Javier Carrasco · Published 2024-12-07 · Updated 2026-02-18 · CVE-2024-57911

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

The issue is an information leak in the triggered buffer of the Linux kernel's iio dummy driver. The data array is allocated via kmalloc() and used to push data to user space from a triggered buffer. However, values are never set for inactive channels, because only iio_for_each_active_channel() is used to assign new values. As a result, uninitialized memory contents can be sent to user space. To avoid this, kzalloc() should be used for the memory allocation.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider using kzalloc() for the memory allocation in the iio_simply_dummy_buffer function to avoid sending uninitialized information to user space. Restrict access to the triggered buffer to minimize the risk of exploitation until the update is applied.
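
A simplified user-space model of the pattern the description explains, added here as an example and not taken from the kernel source. The names model_kmalloc, model_kzalloc and push_scan, the one-slot-per-channel layout and the 0xA5 marker are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUM_CHANNELS 4      /* constructed: one int16_t slot per channel */
#define STALE_BYTE   0xA5   /* constructed marker standing in for old heap data */

/* Stand-in for kmalloc(): the returned memory still holds earlier contents. */
static void *model_kmalloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, STALE_BYTE, n);
    return p;
}

/* Stand-in for kzalloc(): the returned memory is zero-filled. */
static void *model_kzalloc(size_t n) { return calloc(1, n); }

/*
 * Model of the trigger handler: allocate the scan buffer, assign only the
 * channels set in active_mask, then hand the whole buffer to the reader.
 * Returns how many stale bytes the reader receives, or -1 if allocation fails.
 */
static int push_scan(void *(*alloc)(size_t), unsigned active_mask, const int16_t *samples)
{
    uint8_t out[NUM_CHANNELS * sizeof(int16_t)];   /* what user space reads */
    int16_t *data = alloc(sizeof(out));
    int stale = 0;

    if (!data)
        return -1;
    for (int i = 0; i < NUM_CHANNELS; i++)
        if (active_mask & (1u << i))               /* inactive slots are skipped */
            data[i] = samples[i];
    memcpy(out, data, sizeof(out));                /* the whole buffer is pushed */
    free(data);
    for (size_t b = 0; b < sizeof(out); b++)
        stale += (out[b] == STALE_BYTE);
    return stale;
}

int main(void)
{
    const int16_t samples[NUM_CHANNELS] = {1, 2, 3, 4};   /* constructed readings */
    printf("kmalloc model: %d stale bytes\n", push_scan(model_kmalloc, 0x5, samples));
    printf("kzalloc model: %d stale bytes\n", push_scan(model_kzalloc, 0x5, samples));
    return 0;
}
```

With channels 0 and 2 active, the non-zeroing allocator lets the two inactive slots reach the reader untouched, while the zeroing allocator hands over only zeros in those positions.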

Exploit

Fix

Use of Uninitialized Resource

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12647
ALT-PU-2025-2417
ALT-PU-2025-2716
ALT-PU-2025-2718
ALT-PU-2025-3122
ALT-PU-2025-3467
ALT-PU-2025-3500
ALT-PU-2025-5437
AZL-56235
AZL-56243
BDU:2025-02792
CVE-2024-57911
DLA-4075-1
DLA-4076-1
DSA-5860-1
MGASA-2025-0030
MGASA-2025-0032
OESA-2025-1446
OESA-2025-1450
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7391-1
USN-7392-1
USN-7392-2
USN-7392-3
USN-7392-4
USN-7393-1
USN-7401-1
USN-7407-1
USN-7413-1
USN-7421-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7463-1
USN-7513-1
USN-7513-2
USN-7513-3
USN-7513-4
USN-7513-5
USN-7514-1
USN-7515-1
USN-7515-2
USN-7522-1
USN-7523-1
USN-7524-1
USN-7539-1
USN-7540-1

Affected Products

ALT Linux
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu