Linux Kernel Information Leak Vulnerability in IIO Pressure ZPA2326

Vulnerability

A vulnerability has been identified in the Linux kernel's IIO pressure driver for the ZPA2326 sensor. The issue involves an information leak from a triggered buffer to user space. The local 'sample' structure, which is used to transfer data, contains an uninitialized gap between the temperature and timestamp fields. This gap can lead to the exposure of uninitialized data to user space. The vulnerability has been addressed by initializing the structure to zero before use.
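The padding gap and the effect of zeroing the structure can be reproduced in user space. The following is an added example, not the driver's code: the `sample` layout (32-bit pressure, 16-bit temperature, 64-bit timestamp), the `STALE` marker and the field values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration; field widths are not taken from the page. */
struct sample {
    uint32_t pressure;
    uint16_t temperature;
    uint64_t timestamp;   /* its alignment forces padding after temperature */
};

#define GAP_START (offsetof(struct sample, temperature) + sizeof(uint16_t))
#define GAP_END   offsetof(struct sample, timestamp)
#define STALE     0xA5    /* constructed marker standing in for old stack data */

/* Bytes of compiler padding between temperature and timestamp. */
size_t gap_size(void) { return GAP_END - GAP_START; }

/* Build one record the way field-by-field assignment does: only member bytes
 * are written. Returns how many stale bytes remain in the record that would
 * be copied to user space. zero_first=1 models the memset() fix. */
size_t leaked_bytes(int zero_first)
{
    unsigned char rec[sizeof(struct sample)];
    uint32_t p = 101325; uint16_t t = 2150; uint64_t ts = 1749498360ULL;
    size_t i, n = 0;

    memset(rec, STALE, sizeof(rec));          /* simulate dirty stack memory */
    if (zero_first)
        memset(rec, 0, sizeof(rec));          /* the fix: clear the whole struct */

    memcpy(rec + offsetof(struct sample, pressure), &p, sizeof(p));
    memcpy(rec + offsetof(struct sample, temperature), &t, sizeof(t));
    memcpy(rec + offsetof(struct sample, timestamp), &ts, sizeof(ts));

    for (i = GAP_START; i < GAP_END; i++)
        n += (rec[i] == STALE);
    return n;
}

int main(void)
{
    printf("gap=%zu leaked(before)=%zu leaked(after)=%zu\n",
           gap_size(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

A `memset()` over the whole object is the reliable fix because a `= {0}` initializer is not guaranteed by the C standard to write padding bytes.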

Impact

Exploitation of this vulnerability could result in the unintentional disclosure of uninitialized memory contents to user space, potentially leading to information leakage.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.