cve/published/2024/CVE-2024-50198.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-50198: iio: light: veml6030: fix IIO device retrieval from embedded device

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 iio: light: veml6030: fix IIO device retrieval from embedded device

 The dev pointer that is received as an argument in the
 in_illuminance_period_available_show function references the device
 embedded in the IIO device, not in the i2c client.

 dev_to_iio_dev() must be used to accessthe right data. The current
 implementation leads to a segmentation fault on every attempt to read
 the attribute because indio_dev gets a NULL assignment.

 This bug has been present since the first appearance of the driver,
 apparently since the last version (V6) before getting applied. A
 constant attribute was used until then, and the last modifications might
 have not been tested again.

 The Linux kernel CVE team has assigned CVE-2024-50198 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 5.10.228 with commit bf3ab8e1c28f10df0823d4ff312f83c952b06a15
 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 5.15.169 with commit 50039aec43a82ad2495f2d0fb0c289c8717b4bb2
 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.1.114 with commit bcb90518ccd9e10bf6ab29e31994aab93e4a4361
 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.6.58 with commit 2cbb41abae65626736b8b52cf3b9339612c5a86a
 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.11.5 with commit 905166531831beb067fffe2bdfc98031ffe89087
 	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.12 with commit c7c44e57750c31de43906d97813273fdffcf7d02

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-50198
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/iio/light/veml6030.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
 	https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
 	https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
 	https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
 	https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
 	https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-50198: iio: light: veml6030: fix IIO device retrieval from embedded device

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	iio: light: veml6030: fix IIO device retrieval from embedded device

	The dev pointer that is received as an argument in the
	in_illuminance_period_available_show function references the device
	embedded in the IIO device, not in the i2c client.

	dev_to_iio_dev() must be used to accessthe right data. The current
	implementation leads to a segmentation fault on every attempt to read
	the attribute because indio_dev gets a NULL assignment.

	This bug has been present since the first appearance of the driver,
	apparently since the last version (V6) before getting applied. A
	constant attribute was used until then, and the last modifications might
	have not been tested again.

	The Linux kernel CVE team has assigned CVE-2024-50198 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 5.10.228 with commit bf3ab8e1c28f10df0823d4ff312f83c952b06a15
	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 5.15.169 with commit 50039aec43a82ad2495f2d0fb0c289c8717b4bb2
	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.1.114 with commit bcb90518ccd9e10bf6ab29e31994aab93e4a4361
	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.6.58 with commit 2cbb41abae65626736b8b52cf3b9339612c5a86a
	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.11.5 with commit 905166531831beb067fffe2bdfc98031ffe89087
	Issue introduced in 5.5 with commit 7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6 and fixed in 6.12 with commit c7c44e57750c31de43906d97813273fdffcf7d02

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50198
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/iio/light/veml6030.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15
	https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2
	https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361
	https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a
	https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087
	https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02