Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-57912

Summary
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At-19 Jan, 2025 | 11:52
Updated At-03 Nov, 2025 | 20:55
Rejected At-
Credits

iio: pressure: zpa2326: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Linux
Assigner Org ID:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Jan, 2025 | 11:52
Updated At:03 Nov, 2025 | 20:55
Rejected At:
▼CVE Numbering Authority (CNA)
iio: pressure: zpa2326: fix information leak in triggered buffer

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/iio/pressure/zpa2326.c
Default Status
unaffected
Versions
Affected
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before 9629ff1a86823269b12fb1ba9ca4efa945906287 (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before d25f1fc273670271412a52a1efbdaf5dcf274ed8 (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before 64a989aa7475b8e76e69b9ec86819ea293e53bab (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before b7849f62e61242e0e02c776e1109eb81e59c567c (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before 979a0db76ceda8fe1f2f85a116bfe97620ebbadf (git)
  • From 03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 before 6007d10c5262f6f71479627c1216899ea7f09073 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/iio/pressure/zpa2326.c
Default Status
affected
Versions
Affected
  • 4.9
Unaffected
  • From 0 before 4.9 (semver)
  • From 5.4.290 through 5.4.* (semver)
  • From 5.10.234 through 5.10.* (semver)
  • From 5.15.177 through 5.15.* (semver)
  • From 6.1.125 through 6.1.* (semver)
  • From 6.6.72 through 6.6.* (semver)
  • From 6.12.10 through 6.12.* (semver)
  • From 6.13 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287
N/A
https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8
N/A
https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab
N/A
https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c
N/A
https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a
N/A
https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf
N/A
https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
N/A
Hyperlink: https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-908CWE-908 Use of Uninitialized Resource
Type: CWE
CWE ID: CWE-908
Description: CWE-908 Use of Uninitialized Resource
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:416baaa9-dc9f-4396-8d5f-8c081fb06d67
Published At:19 Jan, 2025 | 12:15
Updated At:03 Nov, 2025 | 21:18

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Secondary3.17.1HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CPE Matches
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 4.9(inclusive) to 6.1.125(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.2(inclusive) to 6.6.72(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>Versions from 6.7(inclusive) to 6.12.10(exclusive)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*
Linux Kernel Organization, Inc
linux
>>linux_kernel>>6.13
cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-908Primarynvd@nist.gov
CWE-908Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-908
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-908
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a416baaa9-dc9f-4396-8d5f-8c081fb06d67
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Resource:
Patch
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found