CVE-2024-57905
Published: 19 January 2025
Summary
CVE-2024-57905 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping (T1003). It is ranked at the 10.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 mandates timely flaw remediation, directly addressing the uninitialized memory leak in the TI-ADS1119 driver via kernel patches.
SC-4 prevents unauthorized information transfer via shared system resources, such as the triggered buffer leaking kernel memory to userspace.
SI-16 enforces memory protection mechanisms to block unauthorized disclosure of uninitialized kernel memory through the driver interface.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel memory disclosure via uninitialized buffer leak directly enables local reading of sensitive data (including potential credentials) from kernel space.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer. The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Deeper analysis
CVE-2024-57905 is an information disclosure vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the TI-ADS1119 ADC driver. The issue arises in triggered buffer mode, where a local 'scan' structure used to push data to userspace contains an uninitialized hole between the sample (unsigned int) and timestamp fields. This results in uninitialized kernel memory being exposed to userspace, classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability by interacting with the ti-ads1119 driver in triggered buffer mode. Successful exploitation allows the attacker to read sensitive uninitialized kernel memory leaked through the buffer, achieving high confidentiality impact. The CVSS vector also indicates high availability impact, though the root cause stems from the uninitialized data exposure.
The provided kernel patch references detail the fix: commits 2f1687cca911a2f294313c762e0646cd9e7be8cc and 75f339d3ecd38cb1ce05357d647189d4a7f7ed08 initialize the 'scan' structure to zero before use, preventing the leak. Security practitioners should update to kernels incorporating these stable commits to mitigate the issue.
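The padding-hole mechanism described above, as an added illustration that is not code from the advisory or from the ti-ads1119 driver: the struct layout below is a hypothetical model (a 4-byte sample followed by an 8-byte-aligned timestamp, which leaves a 4-byte hole), the "stale stack" contents are a constructed 0xAA marker, and the two push functions model the field-by-field fill of an uninitialized local versus zero-filling the whole record first, which is the class of fix the advisory text describes. Reading the record's raw bytes after each variant shows how many hole bytes would reach userspace unchanged.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed marker standing in for whatever earlier kernel work left on the stack. */
#define STALE_BYTE 0xAA

/* Hypothetical record modelled on the advisory: the 8-byte alignment of the
 * timestamp forces a 4-byte padding hole after the 4-byte sample. */
struct scan_record {
    unsigned int sample;
    int64_t timestamp __attribute__((aligned(8)));
};

/* Union so the same storage can be written as fields and read back as raw bytes
 * (the byte view is what a copy to userspace would carry). */
union scan_slot {
    struct scan_record rec;
    unsigned char raw[sizeof(struct scan_record)];
};

/* Size of the padding hole between 'sample' and 'timestamp'. */
size_t scan_hole_bytes(void) {
    return offsetof(struct scan_record, timestamp) -
           (offsetof(struct scan_record, sample) + sizeof(unsigned int));
}

/* Vulnerable pattern: the record is filled field by field in storage that was
 * never cleared, so the padding keeps whatever was there before. */
void push_scan_vulnerable(union scan_slot *slot, unsigned int sample, int64_t ts) {
    slot->rec.sample = sample;
    slot->rec.timestamp = ts;
}

/* Fixed pattern: zero the whole record, padding included, before filling it.
 * memset is used rather than "= {0}" because C does not guarantee that
 * aggregate initialization clears padding bytes. */
void push_scan_fixed(union scan_slot *slot, unsigned int sample, int64_t ts) {
    memset(&slot->rec, 0, sizeof(slot->rec));
    slot->rec.sample = sample;
    slot->rec.timestamp = ts;
}

/* Count hole bytes that still carry the stale marker after a push. */
size_t count_leaked_padding(const union scan_slot *slot) {
    size_t start = offsetof(struct scan_record, sample) + sizeof(unsigned int);
    size_t end = offsetof(struct scan_record, timestamp);
    size_t leaked = 0;
    for (size_t i = start; i < end; i++)
        if (slot->raw[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

/* Simulate one triggered-buffer push through a slot holding stale data and
 * report how many padding bytes would be disclosed. */
size_t leaked_bytes_for(int use_fix) {
    union scan_slot slot;
    memset(slot.raw, STALE_BYTE, sizeof(slot.raw));   /* constructed stale stack */
    if (use_fix)
        push_scan_fixed(&slot, 0x1234u, 1700000000LL);
    else
        push_scan_vulnerable(&slot, 0x1234u, 1700000000LL);
    return count_leaked_padding(&slot);
}

int main(void) {
    printf("padding hole: %zu bytes\n", scan_hole_bytes());
    printf("vulnerable push leaks %zu padding bytes\n", leaked_bytes_for(0));
    printf("fixed push leaks %zu padding bytes\n", leaked_bytes_for(1));
    return 0;
}
```

The check in count_leaked_padding is also the kind of assertion a driver test can keep around: any byte between the last written field and the next aligned field that differs from zero after the fill is a candidate for disclosure, regardless of which field layout the real driver uses.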
Details
- CWE(s)