Linux Kernel Information Leak Vulnerability in IIO Light BH1745 Driver

Vulnerability

A vulnerability in the Linux kernel's IIO light BH1745 driver has been addressed, which involved an information leak from the triggered buffer to user space. The issue arose because the 'scan' local structure did not initialize values for inactive channels, leading to the transmission of uninitialized data. The vulnerability has been fixed by ensuring the structure is zeroed out before use, preventing the leakage of undefined information to users.

Impact

The vulnerability could have allowed the unintentional exposure of uninitialized data to user space, potentially leading to information disclosure.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Information Leak Vulnerability in IIO Light BH1745 Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating