Vulnerabilities > CVE-2024-57910 - Use of Uninitialized Resource vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff
- https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279
- https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518
- https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed
- https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b
- https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7
- https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c