CVE-2024-57912
📋 TL;DR
This CVE-2024-57912 is an information leak vulnerability in the Linux kernel's zpa2326 pressure sensor driver. When triggered buffer data is sent to userspace, uninitialized memory from a struct hole between temperature and timestamp fields can be exposed. This affects Linux systems using the zpa2326 IIO pressure driver.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory disclosure could reveal sensitive information like encryption keys, passwords, or other process data from kernel memory, potentially enabling further attacks.
Likely Case
Limited information leak exposing random kernel memory contents, which could be used for information gathering or combined with other vulnerabilities.
If Mitigated
No information disclosure; only properly initialized sensor data is exposed to userspace.
🎯 Exploit Status
Requires local access and ability to interact with the zpa2326 IIO device interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing the fix commits
Vendor Advisory: https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
Restart Required: No
Instructions:
1. Update Linux kernel to patched version. 2. For custom kernels, apply the fix commits from git.kernel.org. 3. Recompile and install the updated kernel.
🔧 Temporary Workarounds
Disable zpa2326 driver
LinuxRemove or disable the vulnerable driver module if zpa2326 hardware is not needed
modprobe -r zpa2326
echo 'blacklist zpa2326' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict access to IIO device files (e.g., /sys/bus/iio/devices/) to trusted users only
- Monitor for unusual access patterns to pressure sensor device interfaces
🔍 How to Verify
Check if Vulnerable:
Check if zpa2326 module is loaded: lsmod | grep zpa2326 AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or test that struct initialization occurs in driver code📡 Detection & Monitoring
Log Indicators:
- Unusual access to IIO device files
- Multiple reads from pressure sensor interfaces
Network Indicators:
- None - local vulnerability only
SIEM Query:
Process accessing /sys/bus/iio/devices/iio:device*/in_pressure* files from untrusted users🔗 References
- https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073
- https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab
- https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287
- https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf
- https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c
- https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8
- https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
