CVE-2024-58072 (GCVE-0-2024-58072)
Vulnerability from cvelistv5
Published
2025-03-06 15:54
Modified
2025-05-04 10:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures. Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device. However, that function was never used. Besides, though there is a lock for that list, it is never used. And when the probe fails, the private data is never removed from the list. This would cause a second probe to access freed memory. Remove the unused hook, structures and members, which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.
References
Impacted products
Vendor Product Version
Linux Linux Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
Version: 26634c4b1868323f49f8cd24c3493b57819867fd
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/realtek/rtlwifi/base.c",
            "drivers/net/wireless/realtek/rtlwifi/base.h",
            "drivers/net/wireless/realtek/rtlwifi/pci.c",
            "drivers/net/wireless/realtek/rtlwifi/wifi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f801e754efa21bd61b3cc15ec7565696165b272f",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "8e2fcc68fbaab3ad9f5671fee2be0956134b740a",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "1e39b0486cdb496cdfba3bc89886150e46acf6f4",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "543e3e9f2e9e47ded774c74e680f28a0ca362aee",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "006e803af7408c3fc815b0654fc5ab43d34f0154",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            },
            {
              "lessThan": "2fdac64c3c35858aa8ac5caa70b232e03456e120",
              "status": "affected",
              "version": "26634c4b1868323f49f8cd24c3493b57819867fd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/realtek/rtlwifi/base.c",
            "drivers/net/wireless/realtek/rtlwifi/base.h",
            "drivers/net/wireless/realtek/rtlwifi/pci.c",
            "drivers/net/wireless/realtek/rtlwifi/wifi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T10:09:20.322Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee"
        },
        {
          "url": "https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120"
        }
      ],
      "title": "wifi: rtlwifi: remove unused check_buddy_priv",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-58072",
    "datePublished": "2025-03-06T15:54:11.665Z",
    "dateReserved": "2025-03-06T15:52:09.182Z",
    "dateUpdated": "2025-05-04T10:09:20.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-58072\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-03-06T16:15:53.703\",\"lastModified\":\"2025-03-13T13:15:45.920\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: rtlwifi: remove unused check_buddy_priv\\n\\nCommit 2461c7d60f9f (\\\"rtlwifi: Update header file\\\") introduced a global\\nlist of private data structures.\\n\\nLater on, commit 26634c4b1868 (\\\"rtlwifi Modify existing bits to match\\nvendor version 2013.02.07\\\") started adding the private data to that list at\\nprobe time and added a hook, check_buddy_priv to find the private data from\\na similar device.\\n\\nHowever, that function was never used.\\n\\nBesides, though there is a lock for that list, it is never used. And when\\nthe probe fails, the private data is never removed from the list. This\\nwould cause a second probe to access freed memory.\\n\\nRemove the unused hook, structures and members, which will prevent the\\npotential race condition on the list and its corruption during a second\\nprobe when probe fails.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtlwifi: eliminar check_buddy_priv no utilizado el commit 2461c7d60f9f (\\\"rtlwifi: Actualizar archivo de encabezado\\\") introdujo una lista global de estructuras de datos privados. M\u00e1s tarde, el commit 26634c4b1868 (\\\"rtlwifi Modificar bits existentes para que coincidan con la versi\u00f3n del proveedor 2013.02.07\\\") comenz\u00f3 a agregar los datos privados a esa lista en el momento del sondeo y agreg\u00f3 un gancho, check_buddy_priv para encontrar los datos privados de un dispositivo similar. Sin embargo, esa funci\u00f3n nunca se us\u00f3. Adem\u00e1s, aunque hay un bloqueo para esa lista, nunca se usa. Y cuando el sondeo falla, los datos privados nunca se eliminan de la lista. Esto har\u00eda que un segundo sondeo acceda a la memoria liberada. Elimine el gancho, las estructuras y los miembros no utilizados, lo que evitar\u00e1 la posible condici\u00f3n de ejecuci\u00f3n en la lista y su corrupci\u00f3n durante un segundo sondeo cuando el sondeo falla.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.