Login Sign Up

CVE-2024-57908

7.1 HIGH

📋 TL;DR

This CVE describes an information leak vulnerability in the Linux kernel's kmx61 IMU driver. When triggered buffer data is sent to userspace, uninitialized memory from inactive channels may be exposed, potentially leaking sensitive kernel memory contents. This affects systems using the kmx61 IMU sensor driver in vulnerable Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel with kmx61 IMU driver
Versions: Specific vulnerable kernel versions referenced in the git commits (exact range depends on distribution backports)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the kmx61 IMU sensor hardware and driver to be loaded/used. Not all systems will have this specific hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure could reveal sensitive information like encryption keys, passwords, or other process data, potentially enabling further exploitation or privilege escalation.

🟠

Likely Case

Limited information leak of kernel memory contents, which could be used to bypass security mechanisms or gather system information for targeted attacks.

🟢

If Mitigated

No information leak occurs; triggered buffer data contains only properly initialized sensor readings.

🌐 Internet-Facing: LOW - This requires local access to the affected system and specific hardware (kmx61 IMU) to be exploitable.
🏢 Internal Only: MEDIUM - Local attackers with access to systems using the kmx61 sensor could potentially exploit this to gather sensitive kernel information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access, specific hardware, and understanding of kernel memory layout. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits: 0871eb8d700b33dd7fa86c80630d62ddaef58c2c, 565814cbbaa674d2901428796801de49a611e59d, 6985ba4467e4b15b809043fa7740d1fb23a1897b, 6ae053113f6a226a2303caa4936a4c37f3bfff7b, a07f698084412a3ef5e950fcac1d6b0f53289efd

Vendor Advisory: https://git.kernel.org/stable/c/0871eb8d700b33dd7fa86c80630d62ddaef58c2c

Restart Required: No

Instructions:

1. Update Linux kernel to a version containing the fix commits. 2. For distributions: Apply security updates from your vendor. 3. Rebuild kernel if compiling from source with the patched driver.

🔧 Temporary Workarounds

Disable kmx61 driver

all

Prevent loading of the vulnerable kmx61 IMU driver if not needed

echo 'blacklist kmx61' >> /etc/modprobe.d/blacklist-kmx61.conf
rmmod kmx61

🧯 If You Can't Patch

  • Restrict local access to systems with kmx61 hardware
  • Implement strict access controls and monitoring for systems using kmx61 sensors

🔍 How to Verify

Check if Vulnerable:

Check if kmx61 module is loaded: lsmod | grep kmx61 AND check kernel version against vulnerable ranges

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and kmx61 driver is updated

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing kmx61 driver activity
  • System logs showing unusual local privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process monitoring for unusual access to /dev/iio devices or kmx61-related system calls

📊 Metadata

CVE ID: CVE-2024-57908
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-908
EPSS Score: 0.05% exploit probability (15.8th percentile)
Published: January 19, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-57908, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)