CVE-2024-57909

Published: Jan 19, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Vendor	Product	Versions
Linux	Linux	affected `eab35358aae705b779a7c8b405474d1290175196 - < 1cca2a666e099aa018e5ab385f0a6e01a3053629` affected `eab35358aae705b779a7c8b405474d1290175196 - < b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0`
Linux	Linux	affected `6.12` unaffected `0 - < 6.12` unaffected `6.12.10 - <= 6.12.` unaffected `6.13 - <= `

References

https://git.kernel.org/stable/c/1cca2a666e099aa018e5ab385f0a6e01a3053629

https://git.kernel.org/stable/c/b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-57909

Description

Affected Products

References