CVE-2024-57910Use of Uninitialized Resource in Linux

CWE-908Use of Uninitialized Resource80 documents6 sources
Severity
7.1HIGHNVD
OSV7.8OSV6.2OSV5.5
EPSS
0.0%
top 96.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJan 19
Latest updateMay 29

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized infor

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

NVDlinux/linux_kernel5.4.1325.4.290+7
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-211.231+2
CVEListV5linux/linuxda8ef748fec2d55db0ae424ab40eee0c737564aa13e56229fc81051a42731046e200493c4a7c28ff+9
debiandebian/linux< linux 6.1.128-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

40
OSV
linux-oracle-6.8 vulnerabilities2025-05-29
OSV
linux-hwe-6.8 vulnerabilities2025-05-28
OSV
linux-raspi-5.4 vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-28
OSV
linux-raspi vulnerabilities2025-05-26

📋Vendor Advisories

39
Ubuntu
Linux kernel (Oracle) vulnerabilities2025-05-29
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-28
Ubuntu
Linux kernel (HWE) vulnerabilities2025-05-28
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-05-26