In the Linux kernel, the following vulnerability has been resolved:
iio: pressure: zpa2326: fix information leak in triggered buffer
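The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a padding hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized, so the bytes in it still hold whatever was previously on the kernel stack and are pushed to user space along with the sample.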
Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
[
{
"id": "CVE-2024-57912-17b04e48",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9629ff1a86823269b12fb1ba9ca4efa945906287",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-1a19ca52",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-1d10daae",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d25f1fc273670271412a52a1efbdaf5dcf274ed8",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-3be650bc",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d25f1fc273670271412a52a1efbdaf5dcf274ed8",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-47722f8c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@979a0db76ceda8fe1f2f85a116bfe97620ebbadf",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-49c3914a",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9629ff1a86823269b12fb1ba9ca4efa945906287",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-6c1a1455",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@979a0db76ceda8fe1f2f85a116bfe97620ebbadf",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-6d5cf54c",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6007d10c5262f6f71479627c1216899ea7f09073",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-aec04298",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@64a989aa7475b8e76e69b9ec86819ea293e53bab",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-b9eb1bd2",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6007d10c5262f6f71479627c1216899ea7f09073",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-d596fe19",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-dd282cc1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@64a989aa7475b8e76e69b9ec86819ea293e53bab",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-e5c64f86",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7849f62e61242e0e02c776e1109eb81e59c567c",
"digest": {
"line_hashes": [
"131492931630437944809299951749912169477",
"226972685773188771521195684057256609366",
"287686839208324353873545745168916244435"
],
"threshold": 0.9
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/iio/pressure/zpa2326.c"
}
},
{
"id": "CVE-2024-57912-fa1cdec3",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b7849f62e61242e0e02c776e1109eb81e59c567c",
"digest": {
"length": 679.0,
"function_hash": "142273401314207949544171213151151624454"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "zpa2326_fill_sample_buffer",
"file": "drivers/iio/pressure/zpa2326.c"
}
}
]