CVE-2024-58072 Information

Mar 07, 2025 cve

Description

In the Linux kernel the following vulnerability has been resolved:

wifi: rtlwifi: remove unused check_buddy_priv

Commit 2461c7d60f9f ( tlwifi: Update header file) introduced a global list of private data structures.

Later on commit 26634c4b1868 ( tlwifi Modify existing bits to match vendor version 2013.02.07) started adding the private data to that list at probe time and added a hook check_buddy_priv to find the private data from a similar device.

However that function was never used.

Besides though there is a lock for that list it is never used. And when the probe fails the private data is never removed from the list. This would cause a second probe to access freed memory.

Remove the unused hook structures and members which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.

Reference

https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154 https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4 https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120 https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1 https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee

Share on: