{"uuid": "82c1d261-23f2-49c9-8e42-5bab8206c8ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57910", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2342", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57910\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe 'buffer' local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.\n\ud83d\udccf Published: 2025-01-19T11:52:33.140Z\n\ud83d\udccf Modified: 2025-01-19T11:52:33.140Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518\n2. https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed\n3. https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c\n4. https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279", "creation_timestamp": "2025-01-19T11:58:40.000000Z"}