5.5

CVE-2024-50198

iio: light: veml6030: fix IIO device retrieval from embedded device

In the Linux kernel, the following vulnerability has been resolved:

iio: light: veml6030: fix IIO device retrieval from embedded device

The dev pointer that is received as an argument in the
in_illuminance_period_available_show function references the device
embedded in the IIO device, not in the i2c client.

dev_to_iio_dev() must be used to accessthe right data. The current
implementation leads to a segmentation fault on every attempt to read
the attribute because indio_dev gets a NULL assignment.

This bug has been present since the first appearance of the driver,
apparently since the last version (V6) before getting applied. A
constant attribute was used until then, and the last modifications might
have not been tested again.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.5 < 5.10.228
LinuxLinux Kernel Version >= 5.11 < 5.15.169
LinuxLinux Kernel Version >= 5.16 < 6.1.114
LinuxLinux Kernel Version >= 6.2 < 6.6.58
LinuxLinux Kernel Version >= 6.7 < 6.11.5
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.106
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
Patch
https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
Patch
https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
Patch
https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
Patch
https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
Patch
https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
Patch
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html