CVE-2024-38575
wifi: brcmfmac: pcie: handle randbuf allocation failure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: pcie: handle randbuf allocation failure
The kzalloc() in brcmf_pcie_download_fw_nvram() will return null
if the physical memory has run out. As a result, if we use
get_random_bytes() to generate random bytes in the randbuf, the
null pointer dereference bug will happen.
In order to prevent allocation failure, this patch adds a separate
function using buffer on kernel stack to generate random bytes in
the randbuf, which could prevent the kernel stack from overflow.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: pcie: manejar fallo de asignación de randbuf El kzalloc() en brcmf_pcie_download_fw_nvram() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos get_random_bytes() para generar bytes aleatorios en randbuf, se producirá el error de desreferencia del puntero nulo. Para evitar fallas en la asignación, este parche agrega una función separada que utiliza el búfer en la pila del kernel para generar bytes aleatorios en randbuf, lo que podría evitar que la pila del kernel se desborde.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-06-18 CVE Reserved
- 2024-06-19 CVE Published
- 2024-06-20 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/c35105f375b530bc27e03ea9250b1c26dd4cae86 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/91918ce88d9fef408bb12c46a27c73d79b604c20 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ba72baed066f3bfa8b489e4b58f1fcaf51c04f83 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-38575 | 2024-08-15 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2293418 | 2024-08-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.1.30 < 6.1.93 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.30 < 6.1.93" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.6.33 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.6.33" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.8.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.9.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.9.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.4 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.4 < 6.10" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.3.4 Search vendor "Linux" for product "Linux Kernel" and version "6.3.4" | en |
Affected
| ||||||