CVE-2024-50198

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-50198

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50198.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-50198

Downstream

BELL-CVE-2024-50198

DEBIAN-CVE-2024-50198

DLA-4008-1

DLA-4075-1

OESA-2024-2445

OESA-2024-2446

OESA-2024-2447

OESA-2024-2448

SUSE-SU-2024:4314-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4316-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

openSUSE-SU-2024:14500-1

openSUSE-SU-2025:14705-1

Related

Published

2024-11-08T06:15:16Z

Modified

2025-10-01T21:16:03Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

iio: light: veml6030: fix IIO device retrieval from embedded device

The dev pointer that is received as an argument in the inilluminanceperiodavailableshow function references the device embedded in the IIO device, not in the i2c client.

devtoiiodev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indiodev gets a NULL assignment.

This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.

References

Affected packages