CVE-2024-57905
Published: 19 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

iio: adc: ti-ads1119: fix information leak in triggered buffer

The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Security Summary
CVE-2024-57905 is an information disclosure vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the TI-ADS1119 ADC driver. The issue arises in triggered buffer mode, where a local 'scan' structure used to push data to userspace contains an uninitialized hole between the sample (unsigned int) and timestamp fields. This results in uninitialized kernel memory being exposed to userspace, classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability by interacting with the ti-ads1119 driver in triggered buffer mode. Successful exploitation allows the attacker to read sensitive uninitialized kernel memory leaked through the buffer, achieving high confidentiality impact. The CVSS vector also indicates high availability impact, though the root cause stems from the uninitialized data exposure.
The referenced kernel commits, 2f1687cca911a2f294313c762e0646cd9e7be8cc and 75f339d3ecd38cb1ce05357d647189d4a7f7ed08, initialize the 'scan' structure to zero before use, preventing the leak. Security practitioners should update to kernels that include these stable commits to mitigate the issue.
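The padding hole described above can be measured in user space. The following is an added example, not the driver's code: the struct layout (an unsigned int sample followed by an 8-byte-aligned timestamp) is assumed from the description, and `hole_len`, `leaked_bytes` and the `STALE` marker are hypothetical names constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the 'scan' struct: a sample followed by an
 * 8-byte-aligned timestamp (layout assumed from the CVE description). */
struct scan {
    unsigned int sample;
    int64_t timestamp __attribute__((aligned(8)));
};

#define STALE 0xA5 /* constructed marker standing in for old stack contents */

/* Size of the padding hole between the sample and the timestamp. */
size_t hole_len(void)
{
    return offsetof(struct scan, timestamp) - sizeof(unsigned int);
}

/* Build one frame the way the buffer push sees it and return how many
 * stale bytes would reach user space. zero_first = 1 models the fix. */
size_t leaked_bytes(int zero_first)
{
    unsigned char frame[sizeof(struct scan)];
    unsigned int sample = 0x1234;          /* constructed sample value */
    int64_t ts = 1737244800000000000LL;    /* constructed timestamp */
    size_t i, leaked = 0;

    memset(frame, STALE, sizeof(frame));   /* stack slot holds old data */
    if (zero_first)
        memset(frame, 0, sizeof(frame));   /* zero the whole struct first */

    /* Field-by-field assignment touches only the members, never the hole. */
    memcpy(frame + offsetof(struct scan, sample), &sample, sizeof(sample));
    memcpy(frame + offsetof(struct scan, timestamp), &ts, sizeof(ts));

    /* The whole struct is copied out, so scan the hole for stale bytes. */
    for (i = sizeof(sample); i < offsetof(struct scan, timestamp); i++)
        leaked += (frame[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("hole: %zu bytes\n", hole_len());
    printf("leaked without zeroing: %zu\n", leaked_bytes(0));
    printf("leaked with zeroing:    %zu\n", leaked_bytes(1));
    return 0;
}
```

When reviewing other drivers for the same pattern, `pahole` on the compiled object reports such holes directly.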
Details
- CWE(s)