

CVE-2024-50198

Description

In the Linux kernel, the following vulnerability has been resolved:

iio: light: veml6030: fix IIO device retrieval from embedded device

The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client.

dev_to_iio_dev() must be used to access the right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment.

This bug has been present since the first appearance of the driver, apparently since the last version (V6) before getting applied. A constant attribute was used until then, and the last modifications might have not been tested again.

POC

Reference

No PoCs from references.

Github

- https://github.com/w4zu/Debian_security