{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-46715","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-09-11T15:12:18.254Z","datePublished":"2024-09-18T06:32:15.466Z","dateUpdated":"2026-01-05T10:52:49.956Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-01-05T10:52:49.956Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndriver: iio: add missing checks on iio_info's callback access\n\nSome callbacks from iio_info structure are accessed without any check, so\nif a driver doesn't implement them trying to access the corresponding\nsysfs entries produce a kernel oops such as:\n\n[ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute\n[...]\n[ 2203.783416] Call trace:\n[ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48\n[ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120\n[ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4\n[ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0\n[ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4\n[ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54\n[ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)\n[ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000\n[ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000\n[ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0\n[ 2203.830363] Code: bad PC value\n[ 2203.832695] ---[ end trace 0000000000000000 ]---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/industrialio-core.c","drivers/iio/industrialio-event.c","drivers/iio/inkern.c"],"versions":[{"version":"51239600074bc9979b0a0e83b72c726d7dcc3132","lessThan":"0cc7e0ee31e5c44904e98e2229d591e093282a70","status":"affected","versionType":"git"},{"version":"51239600074bc9979b0a0e83b72c726d7dcc3132","lessThan":"72f022ebb9deac28663fa4c04ba315ed5d6654d1","status":"affected","versionType":"git"},{"version":"51239600074bc9979b0a0e83b72c726d7dcc3132","lessThan":"dc537a72f64890d883d24ae4ac58733fc5bc523d","status":"affected","versionType":"git"},{"version":"51239600074bc9979b0a0e83b72c726d7dcc3132","lessThan":"c4ec8dedca961db056ec85cb7ca8c9f7e2e92252","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iio/industrialio-core.c","drivers/iio/industrialio-event.c","drivers/iio/inkern.c"],"versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","status":"unaffected","versionType":"semver"},{"version":"6.1.109","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.50","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.10.9","lessThanOrEqual":"6.10.*","status":"unaffected","versionType":"semver"},{"version":"6.11","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.1.109"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.6.50"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.10.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"6.11"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70"},{"url":"https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1"},{"url":"https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d"},{"url":"https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252"}],"title":"driver: iio: add missing checks on iio_info's callback access","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-29T14:58:24.856339Z","id":"CVE-2024-46715","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-29T14:58:39.554Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T22:16:46.735Z"}}]}}