CVE-2024-50198

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50198
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50198.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50198
Downstream
Related
Published
2024-11-08T06:15:16Z
Modified
2025-10-01T21:16:03Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

iio: light: veml6030: fix IIO device retrieval from embedded device

The dev pointer that is received as an argument in the inilluminanceperiodavailableshow function references the device embedded in the IIO device, not in the i2c client.

devtoiiodev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indiodev gets a NULL assignment.

This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.

References

Affected packages