We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-50198

iio: light: veml6030: fix IIO device retrieval from embedded device



Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment. This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.

Reserved 2024-10-21 | Published 2024-11-08 | Updated 2024-11-19 | Assigner Linux

Product status

Default status
unaffected

7b779f573c48 before bf3ab8e1c28f
affected

7b779f573c48 before 50039aec43a8
affected

7b779f573c48 before bcb90518ccd9
affected

7b779f573c48 before 2cbb41abae65
affected

7b779f573c48 before 905166531831
affected

7b779f573c48 before c7c44e57750c
affected

Default status
affected

5.5
affected

Any version before 5.5
unaffected

5.10.228
unaffected

5.15.169
unaffected

6.1.114
unaffected

6.6.58
unaffected

6.11.5
unaffected

6.12
unaffected

References

git.kernel.org/...c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15

git.kernel.org/...c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2

git.kernel.org/...c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361

git.kernel.org/...c/2cbb41abae65626736b8b52cf3b9339612c5a86a

git.kernel.org/...c/905166531831beb067fffe2bdfc98031ffe89087

git.kernel.org/...c/c7c44e57750c31de43906d97813273fdffcf7d02

cve.org (CVE-2024-50198)

nvd.nist.gov (CVE-2024-50198)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-50198

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.