Linux Kernel Information Leak Vulnerability in Rockchip SAR ADC IIO Driver

Vulnerability

A vulnerability in the Linux kernel's IIO ADC Rockchip SAR ADC driver allows for an information leak from a triggered buffer to userspace. The issue arises because the driver does not initialize values for inactive channels, leading to the transmission of uninitialized data. This vulnerability has been addressed by modifying the driver to zero-initialize the data structure before use, ensuring that no stray data is sent to userspace.
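The pattern described above, as an added example: a simplified userspace model, not the Rockchip driver's code. The struct layout, channel count, names and the 0xA5 stale-byte marker are assumptions made for illustration; the record is pre-filled with the marker to stand in for leftover kernel stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NCHAN 6     /* assumed channel count for this model */
#define STALE 0xA5  /* constructed stand-in for leftover kernel stack bytes */

/* Scan record handed to the buffer: one slot per channel, then a timestamp. */
struct scan {
    uint16_t values[NCHAN];
    int64_t timestamp;
};

/* Constructed stand-in for one ADC conversion. */
static uint16_t read_channel(int ch) { return (uint16_t)(0x100 + ch); }

/* Pack only the channels enabled in active_mask, as a trigger handler does.
 * zero_first = 1 models the fix: clear the whole record before filling it. */
static void fill_scan(struct scan *s, unsigned active_mask, int zero_first)
{
    int j = 0;
    if (zero_first)
        memset(s, 0, sizeof(*s));
    for (int ch = 0; ch < NCHAN; ch++)
        if (active_mask & (1u << ch))
            s->values[j++] = read_channel(ch);
    s->timestamp = 1; /* constructed timestamp */
}

/* Count stale bytes that would reach userspace in one pushed record:
 * unused value slots plus any padding before the timestamp. */
static size_t leaked_bytes(unsigned active_mask, int zero_first)
{
    struct scan s;
    unsigned char raw[sizeof(s)];
    size_t n = 0;
    memset(&s, STALE, sizeof(s)); /* simulate a dirty stack frame */
    fill_scan(&s, active_mask, zero_first);
    memcpy(raw, &s, sizeof(s));   /* the whole record is copied out */
    for (size_t i = 0; i < sizeof(raw); i++)
        n += (raw[i] == STALE);
    return n;
}

int main(void)
{
    printf("2 of %d channels active, no init: %zu stale bytes\n", NCHAN, leaked_bytes(0x5, 0));
    printf("2 of %d channels active, zeroed:  %zu stale bytes\n", NCHAN, leaked_bytes(0x5, 1));
    return 0;
}
```

Because the whole record is copied out regardless of how many channels are enabled, clearing it once before the fill covers both the unused slots and any structure padding.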

Impact

Exploitation of this vulnerability could result in the unintentional disclosure of sensitive information from the kernel to userspace, potentially including uninitialized memory contents that could be manipulated or misused by an application.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.