CVE-2024-57909
Published: 19 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Security Summary
CVE-2024-57909 is an information disclosure vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the BH1745 light sensor driver. The issue arises in the triggered buffer mode, where a local 'scan' struct is used to push data to userspace. This struct is not fully initialized, as it only updates values for active channels via iio_for_each_active_channel(), leaving inactive channels with uninitialized kernel memory that gets exposed to userspace. It is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability by triggering the buffer on a system with the affected BH1745 driver loaded and reading the samples it pushes. Each pushed record carries uninitialized kernel memory in the slots of inactive channels, potentially exposing sensitive data such as kernel stack contents. The high confidentiality impact reflects this information leak; the high availability impact in the vector suggests potential for denial of service through memory corruption or related effects, although the fix description itself covers only the leak. Attack complexity is low and no user interaction is required.
The provided kernel patch references detail the fix: commits 1cca2a666e099aa018e5ab385f0a6e01a3053629 and b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0 initialize the 'scan' struct to zero before use, so that the slots of inactive channels no longer carry stale data when the record is pushed to userspace. Security practitioners should apply the stable kernel updates that carry these commits to affected versions and consider disabling the BH1745 driver where it is not needed.
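To make the bug and the one-line fix concrete, the following is an added userspace model, not the driver's own code, of the trigger handler's local 'scan' record. The four-channel layout, the packing loop standing in for iio_for_each_active_channel(), and the 0xAA sentinel used to represent stale stack contents are assumptions; the sensor readings are constructed.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout of the handler's local 'scan' record: four 16-bit colour
 * channels followed by a 64-bit timestamp (modelled in userspace here). */
struct scan {
    uint16_t chans[4];
    int64_t timestamp;
};

#define STALE_BYTE 0xAA /* sentinel standing in for leftover stack contents */

/* Vulnerable pattern, modelled on iio_for_each_active_channel(): channel i
 * is active when bit i of mask is set and readings are packed into chans[]
 * in order, so tail slots of inactive channels are never written. */
static void push_scan_vulnerable(struct scan *s, unsigned mask,
                                 const uint16_t r[4], int64_t ts)
{
    int j = 0;
    for (int i = 0; i < 4; i++)
        if (mask & (1u << i))
            s->chans[j++] = r[i];
    s->timestamp = ts;
}

/* Fixed pattern (the patch's `scan = { }`): clear the whole record first;
 * the fill loop itself is unchanged, only the initialisation differs. */
static void push_scan_fixed(struct scan *s, unsigned mask,
                            const uint16_t r[4], int64_t ts)
{
    memset(s, 0, sizeof(*s));
    push_scan_vulnerable(s, mask, r, ts);
}

/* Run one variant over a record primed with stale bytes and count how many
 * of those bytes would reach the buffer handed to userspace. */
int leaked_bytes(int use_fix, unsigned mask)
{
    static const uint16_t readings[4] = { 0x0102, 0x0304, 0x0506, 0x0708 };
    struct scan s;
    int n = 0;
    memset(&s, STALE_BYTE, sizeof(s)); /* simulate a dirty stack slot */
    if (use_fix)
        push_scan_fixed(&s, mask, readings, 1000);
    else
        push_scan_vulnerable(&s, mask, readings, 1000);
    for (size_t i = 0; i < sizeof(s); i++)
        n += ((const unsigned char *)&s)[i] == STALE_BYTE;
    return n;
}
```

With only two of four channels active, the unfixed variant leaves four sentinel bytes in the record while the zero-initialised variant leaves none.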
Details
- CWE(s)