CVE-2024-50198

MEDIUM EPSS 10.8%
Published Nov 8, 20241y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Nov 8, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment. This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥5.5  –  <5.10.228
linuxlinux_kernel*≥5.11  –  <5.15.169
linuxlinux_kernel*≥5.16  –  <6.1.114
linuxlinux_kernel*≥6.2  –  <6.6.58
linuxlinux_kernel*≥6.7  –  <6.11.5
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any
linuxlinux_kernel6.12any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
    Patch