CVE-2024-50198
Published: Nov 8, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment. This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 - < bf3ab8e1c28f10df0823d4ff312f83c952b06a15affected 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 - < 50039aec43a82ad2495f2d0fb0c289c8717b4bb2affected 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 - < bcb90518ccd9e10bf6ab29e31994aab93e4a4361affected 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 - < 2cbb41abae65626736b8b52cf3b9339612c5a86aaffected 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 - < 905166531831beb067fffe2bdfc98031ffe89087+1 more versions |
Linux | Linux | affected 5.5unaffected 0 - < 5.5unaffected 5.10.228 - <= 5.10.*unaffected 5.15.169 - <= 5.15.*unaffected 6.1.114 - <= 6.1.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now