CVE-2024-57911 Information

Description

In the Linux kernel the following vulnerability has been resolved:

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

The ‘data’ array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer but it does not set values for inactive channels as it only uses iio_for_each_active_channel() to assign new values.

Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace.

Reference

https://git.kernel.org/stable/c/333be433ee908a53f283beb95585dfc14c8ffb46 https://git.kernel.org/stable/c/74058395b2c63c8a438cf199d09094b640f8c7f4 https://git.kernel.org/stable/c/b0642d9c871aea1f28eb02cd84d60434df594f67 https://git.kernel.org/stable/c/ea703cda36da0dacb9a2fd876370003197d8a019