CVE-2024-57909

7.1 HIGH

📋 TL;DR

CVE-2024-57909 is an information leak vulnerability in the Linux kernel's BH1745 light sensor driver. It allows uninitialized kernel memory to be exposed to userspace through triggered buffer operations. Systems running vulnerable Linux kernel versions with the BH1745 driver loaded are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions containing the vulnerable bh1745 driver code before the fix commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the BH1745 light sensor driver is loaded and being used. Many systems may not have this specific hardware sensor.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive kernel memory contents could be leaked to unprivileged userspace processes, potentially exposing cryptographic keys, process memory, or other sensitive data.

🟠 Likely Case

Limited information disclosure of uninitialized kernel stack memory to userspace applications accessing the BH1745 sensor data.

🟢 If Mitigated

No data leakage occurs; sensor readings are properly sanitized before being exposed to userspace.

🌐 Internet-Facing: LOW - This requires local access to the sensor interface and is not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes could potentially read kernel memory through the sensor interface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of the sensor interface. No known public exploits exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits 1cca2a666e099aa018e5ab385f0a6e01a3053629 or b62fbe3b8eedd3cf3c9ad0b7cb9f72c3f40815f0

Vendor Advisory: https://git.kernel.org/stable/c/1cca2a666e099aa018e5ab385f0a6e01a3053629

Restart Required: Yes

Instructions:

1. Update to a patched kernel version from your distribution vendor.
2. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable BH1745 driver

Linux

Unload or blacklist the bh1745 kernel module if not needed

sudo rmmod bh1745
echo 'blacklist bh1745' | sudo tee /etc/modprobe.d/bh1745-blacklist.conf

🧯 If You Can't Patch

  • Restrict access to IIO device files (typically in /sys/bus/iio/devices/) to trusted users only
  • Disable triggered buffer functionality for the BH1745 sensor if possible through configuration

🔍 How to Verify

Check if Vulnerable:

Check if bh1745 module is loaded: lsmod | grep bh1745. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits or is newer than the patched versions. Check /proc/version or uname -r.
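
The module and triggered-buffer checks can be scripted per host. The script below is an added example, not part of the advisory: it reports whether a BH1745 device is bound and whether its buffer is enabled. It assumes the device's sysfs name attribute reads bh1745 and that the buffer switch is buffer/enable or buffer0/enable; the SYSFS_IIO and PROC_MODULES overrides are introduced here so the logic can be run against a constructed tree.

```shell
#!/bin/sh
# Added example: classify this host's exposure to CVE-2024-57909 from the
# module list and the IIO sysfs tree.
# Assumptions: the sensor's sysfs "name" attribute reads "bh1745", and the
# buffer switch is buffer/enable (buffer0/enable on newer kernels).
SYSFS_IIO="${SYSFS_IIO:-/sys/bus/iio/devices}"
PROC_MODULES="${PROC_MODULES:-/proc/modules}"

# Succeeds if the driver is loaded as a module. A built-in driver never
# appears here, so the sysfs scan below does not depend on this check.
bh1745_module_loaded() {
    [ -r "$PROC_MODULES" ] && grep -q '^bh1745 ' "$PROC_MODULES"
}

# Print the sysfs directory of every IIO device bound to the driver.
bh1745_devices() {
    for dev in "$SYSFS_IIO"/iio:device*; do
        [ -r "$dev/name" ] || continue
        [ "$(cat "$dev/name")" = "bh1745" ] && echo "$dev"
    done
    return 0
}

# Succeeds if the buffer of the device directory in $1 is enabled.
buffer_enabled() {
    for f in "$1/buffer/enable" "$1/buffer0/enable"; do
        [ -r "$f" ] && [ "$(cat "$f")" = "1" ] && return 0
    done
    return 1
}

# Print one verdict: absent, idle (driver present, buffer off) or
# buffer-active (the triggered-buffer path from the advisory is in use).
exposure_status() {
    devs=$(bh1745_devices)
    if [ -z "$devs" ]; then
        if bh1745_module_loaded; then echo idle; else echo absent; fi
        return 0
    fi
    for dev in $devs; do
        if buffer_enabled "$dev"; then echo buffer-active; return 0; fi
    done
    echo idle
}

exposure_status
```

A buffer-active verdict only says the affected path is in use; whether the running kernel contains the fix commits still has to be checked against the distribution's patched versions.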

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing bh1745 module loading
  • System logs showing unusual access to IIO device files

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process accessing /sys/bus/iio/devices/iio:device*/scan_elements/* or similar IIO paths with unusual patterns
