Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's IIO (Industrial I/O) subsystem has been addressed. The issue involved the 'data' array in the 'iio_simply_dummy_buffer' component, which was allocated using kmalloc() to transfer data from a triggered buffer to user space. However, the array did not initialize values for inactive channels, leading to the potential leakage of uninitialized data to userspace. This vulnerability has been fixed by changing the memory allocation to use kzalloc(), which ensures that the data is properly initialized before being sent to user space.
Exploitation of this vulnerability could result in an information leak, allowing uninitialized data to be sent to user space, which could be misused or cause unintended behavior.
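The difference between the two allocations can be reproduced in user space. The following is an added example, not code from the kernel or from this page: `model_alloc`, `fill_scan`, `leaked_bytes`, the one-slot pool and all constants are hypothetical stand-ins, with the pool modelling a recycled heap object that still holds its previous owner's bytes.

```c
#include <stdint.h>
#include <string.h>

#define NUM_CHANNELS 4      /* constructed: channels in one scan */
#define STALE_BYTE   0xA5   /* constructed marker for old heap contents */

/* One-slot pool standing in for a recycled heap object: memory handed
 * back by model_alloc() still holds what the previous owner wrote. */
static uint16_t pool[NUM_CHANNELS];

/* zero == 0 models kmalloc() (contents untouched),
 * zero == 1 models kzalloc() (contents cleared before use). */
static uint16_t *model_alloc(int zero)
{
    memset(pool, STALE_BYTE, sizeof(pool));  /* previous owner's data */
    if (zero)
        memset(pool, 0, sizeof(pool));
    return pool;
}

/* Write only the channels enabled in active_mask. Slots belonging to
 * inactive channels are never written, the condition described above. */
static void fill_scan(uint16_t *data, unsigned active_mask)
{
    for (int ch = 0; ch < NUM_CHANNELS; ch++)
        if (active_mask & (1u << ch))
            data[ch] = (uint16_t)(100 + ch);  /* constructed sample reading */
}

/* Count the stale bytes a reader would receive if the whole scan
 * buffer were handed to user space after fill_scan(). */
static int leaked_bytes(int zero, unsigned active_mask)
{
    uint16_t *data = model_alloc(zero);
    const uint8_t *raw = (const uint8_t *)data;
    int leaked = 0;

    fill_scan(data, active_mask);
    for (size_t i = 0; i < sizeof(pool); i++)
        if (raw[i] == STALE_BYTE)
            leaked++;
    return leaked;
}
```

With two of the four channels active, the non-zeroing path exposes the four bytes belonging to the inactive channels, while the zeroing path exposes none.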