Bug 2350363 (CVE-2024-58072) - CVE-2024-58072 kernel: wifi: rtlwifi: remove unused check_buddy_priv
Summary: CVE-2024-58072 kernel: wifi: rtlwifi: remove unused check_buddy_priv
Keywords:
Status: NEW
Alias: CVE-2024-58072
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-03-06 16:01 UTC by OSIDB Bzimport
Modified: 2025-03-14 16:37 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-03-06 16:01:49 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: remove unused check_buddy_priv

Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global
list of private data structures.

Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match
vendor version 2013.02.07") started adding the private data to that list at
probe time and added a hook, check_buddy_priv to find the private data from
a similar device.

However, that function was never used.

Besides, though there is a lock for that list, it is never used. And when
the probe fails, the private data is never removed from the list. This
would cause a second probe to access freed memory.

Remove the unused hook, structures and members, which will prevent the
potential race condition on the list and its corruption during a second
probe when probe fails.
Comment 1 Mauro Matteo Cascella 2025-03-06 17:31:16 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025030612-CVE-2024-58072-2dc3@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.