CVE-2024-50198
- Source
- https://cve.org/CVERecord?id=CVE-2024-50198
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50198.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50198
- Downstream
- Related
- Published
- 2024-11-08T05:54:12.450Z
- Modified
- 2026-03-20T12:39:37.787944Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- iio: light: veml6030: fix IIO device retrieval from embedded device
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
iio: light: veml6030: fix IIO device retrieval from embedded device
The dev pointer that is received as an argument in the inilluminanceperiodavailableshow function references the device embedded in the IIO device, not in the i2c client.
devtoiiodev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indiodev gets a NULL assignment.
This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50198.json" }- References
-
- https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
- https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
- https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
- https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
- https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
- https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50198.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-50198
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6Fixedbf3ab8e1c28f10df0823d4ff312f83c952b06a15Fixed50039aec43a82ad2495f2d0fb0c289c8717b4bb2Fixedbcb90518ccd9e10bf6ab29e31994aab93e4a4361Fixed2cbb41abae65626736b8b52cf3b9339612c5a86aFixed905166531831beb067fffe2bdfc98031ffe89087Fixedc7c44e57750c31de43906d97813273fdffcf7d02