CVE-2024-57909 Information

Description

In the Linux kernel the following vulnerability has been resolved:

iio: light: bh1745: fix information leak in triggered buffer

The ‘scan’ local struct is used to push data to user space from a triggered buffer but it does not set values for inactive channels as it only uses iio_for_each_active_channel() to assign new values.

Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Reference

https://git.kernel.org/stable/c/1cca2a666e099aa018e5ab385f0a6e01a3053629 https://git.kernel.org/stable/c/b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0