Primary

Context

Linux Kernel Uninitialized Stack Data Vulnerability in IIO Acceleration Driver

Vulnerability

Patched

A vulnerability in the Linux kernel's IIO acceleration driver for the SCA3300 sensor has been addressed. This issue involved a potential leak of uninitialized stack data to userspace. The vulnerability was caused by the 'channels' array not being properly initialized before use. The problem has been fixed by ensuring the array is zeroed out prior to utilization.

Impact

Exploitation of this vulnerability could lead to the unintentional disclosure of uninitialized stack data to userspace, which may be exploited to cause undefined behavior or information leakage.

Added: Sep 5, 2025, 7:53 PM

Updated: Sep 5, 2025, 7:53 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Uninitialized Stack Data Vulnerability in IIO Acceleration Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating