Linux Kernel Information Leak Vulnerability in IIO KMX61 Driver

Vulnerability

A vulnerability in the Linux kernel's IIO (Industrial I/O) subsystem, specifically within the KMX61 inertial measurement unit (IMU) driver, has been addressed. The issue was an information leak through the triggered buffer mechanism. The local 'buffer' array, used to transfer data to user space, was not initialized for inactive channels, so uninitialized data could be exposed. The fix zeroes the array before use, which prevents uninitialized information from leaking to user space.
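The pattern described above, as an added user-space model (not the kernel driver's code): a local scan array is filled only for active channels and then exported whole, with and without zeroing first. The names read_channel, fill_scan and push_scan, the 8-slot size, and the 0x5A stale-data marker are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NCHAN 8       /* assumed slot count of the scan array */
#define STALE 0x5A5A  /* constructed marker for leftover stack data */

/* Constructed stand-in for reading one sensor channel. */
static int16_t read_channel(int ch) { return (int16_t)(100 + ch); }

/* Write samples for active channels only, packed from slot 0.
 * Slots beyond the active count are never touched here. */
static void fill_scan(int16_t *buf, unsigned active_mask)
{
    int slot = 0;
    for (int ch = 0; ch < NCHAN; ch++)
        if (active_mask & (1u << ch))
            buf[slot++] = read_channel(ch);
}

/* Model of one trigger: build the scan in a local array and hand the
 * whole array to "user space" (out). Returns how many slots of stale
 * data reached out. zero_first selects the hardened behaviour. */
static int push_scan(unsigned active_mask, int zero_first, int16_t *out)
{
    int16_t buffer[NCHAN];
    int leaked = 0;

    memset(buffer, 0x5A, sizeof(buffer));   /* simulated stale stack contents */
    if (zero_first)
        memset(buffer, 0, sizeof(buffer));  /* the fix: zero before use */

    fill_scan(buffer, active_mask);
    memcpy(out, buffer, sizeof(buffer));    /* entire array is exported */

    for (int i = 0; i < NCHAN; i++)
        if (out[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    int16_t out[NCHAN];
    printf("unzeroed: %d stale slots\n", push_scan(0x05, 0, out));
    printf("zeroed:   %d stale slots\n", push_scan(0x05, 1, out));
    return 0;
}
```

The stale contents are planted with memset so the model is deterministic; in real code the unwritten slots hold whatever the stack last contained.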

Impact

Exploitation of this vulnerability could result in an information leak: uninitialized data is sent to user space, where it could be misused or cause unintended behavior.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.