From 191445c1077f743feb51a98df58936f5e779fb4f Mon Sep 17 00:00:00 2001 From: Javier Carrasco Date: Fri, 21 Feb 2025 03:51:04 +0000 Subject: [PATCH] iio: imu: kmx61: fix information leak in triggered buffer stable inclusion from stable-v5.10.234 commit a386d9d2dc6635f2ec210b8199cfb3acf4d31305 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBIQVT CVE: CVE-2024-57908 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a386d9d2dc6635f2ec210b8199cfb3acf4d31305 -------------------------------- commit 6ae053113f6a226a2303caa4936a4c37f3bfff7b upstream. The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. Cc: stable@vger.kernel.org Fixes: c3a23ecc0901 ("iio: imu: kmx61: Add support for data ready triggers") Signed-off-by: Javier Carrasco Link: https://patch.msgid.link/20241125-iio_memset_scan_holes-v1-5-0cb6e98d895c@gmail.com Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman Signed-off-by: Xia Fukun --- drivers/iio/imu/kmx61.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/imu/kmx61.c b/drivers/iio/imu/kmx61.c index 89133315e6aa..b5c3500b7e9e 100644 --- a/drivers/iio/imu/kmx61.c +++ b/drivers/iio/imu/kmx61.c @@ -1198,7 +1198,7 @@ static irqreturn_t kmx61_trigger_handler(int irq, void *p) struct kmx61_data *data = kmx61_get_data(indio_dev); int bit, ret, i = 0; u8 base; - s16 buffer[8]; + s16 buffer[8] = { }; if (indio_dev == data->acc_indio_dev) base = KMX61_ACC_XOUT_L; -- Gitee