CVE-2024-57909
Published: 19 January 2025
Summary
CVE-2024-57909 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). It ranks at the 10.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SC-4 (Information in Shared System Resources).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the vulnerability by requiring timely remediation through kernel patching that initializes the scan struct to zero, preventing uninitialized memory leakage to userspace.
- SC-4 (Information in Shared System Resources): prevents unauthorized transfer of uninitialized kernel memory via shared system resources such as the IIO triggered buffer exposed to userspace.
- CM-7 (Least Functionality): restricts system functionality by disabling or not loading the unnecessary BH1745 driver, eliminating exposure to the information disclosure vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Data from Local System (T1005): direct kernel memory disclosure to userspace via an uninitialized struct in a local driver enables reading sensitive local system data.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer. The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
Deeper analysis
CVE-2024-57909 is an information disclosure vulnerability in the Linux kernel's Industrial I/O (IIO) subsystem, specifically the BH1745 light sensor driver. The issue arises in the triggered buffer mode, where a local 'scan' struct is used to push data to userspace. This struct is not fully initialized, as it only updates values for active channels via iio_for_each_active_channel(), leaving inactive channels with uninitialized kernel memory that gets exposed to userspace. It is classified under CWE-908 (Use of Uninitialized Resource) with a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A local attacker with low privileges can exploit this vulnerability by triggering the buffer on a system with the affected BH1745 driver loaded. This allows reading of uninitialized kernel memory leaked into userspace, potentially exposing sensitive data such as kernel stack contents. The high confidentiality impact enables information gathering, while the high availability impact suggests potential for denial-of-service through memory corruption or related effects, all with low complexity and no user interaction required.
The referenced kernel patches, commits 1cca2a666e099aa018e5ab385f0a6e01a3053629 and b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0, initialize the 'scan' struct to zero before use, preventing the leak of uninitialized data. Security practitioners should apply these stable kernel updates to affected versions and consider disabling the BH1745 driver if it is not needed.
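The pattern behind the bug and its fix, as an added user-space illustration that is not the bh1745 driver's code or the upstream patch: the record layout, the four-channel count, the sample readings and the 0xAA "stale stack" sentinel are all assumptions constructed for the demonstration. Filling only the channels named in the active mask leaves the other slots holding whatever was on the stack; zeroing the record first is the remedy the advisory describes.

```c
#include <stdint.h>
#include <string.h>
#define NUM_CHANS 4          /* bh1745 reports four colour channels (assumption) */
#define STALE_BYTE 0xAA      /* deterministic stand-in for leftover kernel stack contents */

/* Per-push record; layout is an assumption modelled on the advisory text */
struct scan_record {
    uint16_t chans[NUM_CHANS];
    int64_t timestamp;
};

/* Constructed readings standing in for values read from the sensor */
static const uint16_t sample_readings[NUM_CHANS] = {0x0123, 0x0456, 0x0789, 0x0abc};

/* Mirrors iio_for_each_active_channel(): only channels set in the mask get a value */
static void fill_active_channels(struct scan_record *scan, unsigned active_mask)
{
    for (int i = 0; i < NUM_CHANS; i++)
        if (active_mask & (1u << i))
            scan->chans[i] = sample_readings[i];
    scan->timestamp = 1700000000LL;
}

/* Vulnerable pattern: inactive slots are pushed with whatever the stack held */
void build_scan_vulnerable(struct scan_record *scan, unsigned active_mask)
{
    fill_active_channels(scan, active_mask);
}

/* Fixed pattern (the upstream remedy): zero the whole record, padding included, first */
void build_scan_fixed(struct scan_record *scan, unsigned active_mask)
{
    memset(scan, 0, sizeof(*scan));
    fill_active_channels(scan, active_mask);
}

/* Simulate one push on a "dirty" stack and count inactive channels that still expose the sentinel */
int leaked_channels_after_push(int fixed, unsigned active_mask)
{
    struct scan_record scan;
    int leaked = 0;
    memset(&scan, STALE_BYTE, sizeof(scan));   /* what an uninitialized local might contain */
    if (fixed)
        build_scan_fixed(&scan, active_mask);
    else
        build_scan_vulnerable(&scan, active_mask);
    for (int i = 0; i < NUM_CHANS; i++)
        if (!(active_mask & (1u << i)) && scan.chans[i] == 0xAAAA)
            leaked++;
    return leaked;
}
```

With channels 0 and 2 active (mask 0x5), the vulnerable build hands two stale 16-bit words to the reader of the buffer while the fixed build hands none; the same check can be pointed at any driver that pushes a partially filled local record.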
Details
- CWE(s)