From fb08f346eed2df1421fa67c7cf3666274e36ce85 Mon Sep 17 00:00:00 2001 From: Javier Carrasco Date: Wed, 19 Feb 2025 01:28:31 +0000 Subject: [PATCH] iio: adc: rockchip_saradc: fix information leak in triggered buffer stable inclusion from stable-v6.6.72 commit 5a95fbbecec7a34bbad5dcc3156700b8711d53c4 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBIQWT CVE: CVE-2024-57907 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5a95fbbecec7a34bbad5dcc3156700b8711d53c4 -------------------------------- commit 38724591364e1e3b278b4053f102b49ea06ee17c upstream. The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. Cc: stable@vger.kernel.org Fixes: 4e130dc7b413 ("iio: adc: rockchip_saradc: Add support iio buffers") Signed-off-by: Javier Carrasco Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-4-0cb6e98d895c@gmail.com Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman Signed-off-by: Cui GaoSheng --- drivers/iio/adc/rockchip_saradc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c index 1c0042fbbb54..929cba215d99 100644 --- a/drivers/iio/adc/rockchip_saradc.c +++ b/drivers/iio/adc/rockchip_saradc.c @@ -368,6 +368,8 @@ static irqreturn_t rockchip_saradc_trigger_handler(int irq, void *p) int ret; int i, j = 0; + memset(&data, 0, sizeof(data)); + mutex_lock(&info->lock); for_each_set_bit(i, i_dev->active_scan_mask, i_dev->masklength) { -- Gitee