{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-58072", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-03-06T15:52:09.182Z", "datePublished": "2025-03-06T15:54:11.665Z", "dateUpdated": "2025-05-04T10:09:20.322Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T10:09:20.322Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/realtek/rtlwifi/base.c", "drivers/net/wireless/realtek/rtlwifi/base.h", "drivers/net/wireless/realtek/rtlwifi/pci.c", "drivers/net/wireless/realtek/rtlwifi/wifi.h"], "versions": [{"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "f801e754efa21bd61b3cc15ec7565696165b272f", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "8e2fcc68fbaab3ad9f5671fee2be0956134b740a", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "1e39b0486cdb496cdfba3bc89886150e46acf6f4", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "543e3e9f2e9e47ded774c74e680f28a0ca362aee", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "006e803af7408c3fc815b0654fc5ab43d34f0154", "status": "affected", "versionType": "git"}, {"version": "26634c4b1868323f49f8cd24c3493b57819867fd", "lessThan": "2fdac64c3c35858aa8ac5caa70b232e03456e120", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/realtek/rtlwifi/base.c", "drivers/net/wireless/realtek/rtlwifi/base.h", "drivers/net/wireless/realtek/rtlwifi/pci.c", "drivers/net/wireless/realtek/rtlwifi/wifi.h"], "versions": [{"version": "3.10", "status": "affected"}, {"version": "0", "lessThan": "3.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.291", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.235", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.179", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.129", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.76", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.13", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13.2", "lessThanOrEqual": "6.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "5.4.291"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "5.10.235"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "5.15.179"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.1.129"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.6.76"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.12.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.13.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10", "versionEndExcluding": "6.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f"}, {"url": "https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9"}, {"url": "https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a"}, {"url": "https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4"}, {"url": "https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1"}, {"url": "https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee"}, {"url": "https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154"}, {"url": "https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120"}], "title": "wifi: rtlwifi: remove unused check_buddy_priv", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0ACA7A2C-C4C2-4035-B2FD-0D544B71CC80", "versionEndExcluding": "5.4.291", "versionStartIncluding": "3.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "545121FA-DE31-4154-9446-C2000FB4104D", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C708062C-4E1B-465F-AE6D-C09C46400875", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DA5009C-C9B9-4A1D-9B96-78427E8F232C", "versionEndExcluding": "6.1.129", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6D70701-9CB6-4222-A957-00A419878993", "versionEndExcluding": "6.6.76", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2897389C-A8C3-4D69-90F2-E701B3D66373", "versionEndExcluding": "6.12.13", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D4116B1-1BFD-4F23-BA84-169CC05FC5A3", "versionEndExcluding": "6.13.2", "versionStartIncluding": "6.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: remove unused check_buddy_priv\n\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\n\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\n\nHowever, that function was never used.\n\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\n\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtlwifi: eliminar check_buddy_priv no utilizado el commit 2461c7d60f9f (\"rtlwifi: Actualizar archivo de encabezado\") introdujo una lista global de estructuras de datos privados. M\u00e1s tarde, el commit 26634c4b1868 (\"rtlwifi Modificar bits existentes para que coincidan con la versi\u00f3n del proveedor 2013.02.07\") comenz\u00f3 a agregar los datos privados a esa lista en el momento del sondeo y agreg\u00f3 un gancho, check_buddy_priv para encontrar los datos privados de un dispositivo similar. Sin embargo, esa funci\u00f3n nunca se us\u00f3. Adem\u00e1s, aunque hay un bloqueo para esa lista, nunca se usa. Y cuando el sondeo falla, los datos privados nunca se eliminan de la lista. Esto har\u00eda que un segundo sondeo acceda a la memoria liberada. Elimine el gancho, las estructuras y los miembros no utilizados, lo que evitar\u00e1 la posible condici\u00f3n de ejecuci\u00f3n en la lista y su corrupci\u00f3n durante un segundo sondeo cuando el sondeo falla."}], "id": "CVE-2024-58072", "lastModified": "2025-10-30T21:26:47.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-03-06T16:15:53.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wifi: rtlwifi: remove unused check_buddy_priv", "id": "2350363", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350363"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwifi: rtlwifi: remove unused check_buddy_priv\nCommit 2461c7d60f9f (\"rtlwifi: Update header file\") introduced a global\nlist of private data structures.\nLater on, commit 26634c4b1868 (\"rtlwifi Modify existing bits to match\nvendor version 2013.02.07\") started adding the private data to that list at\nprobe time and added a hook, check_buddy_priv to find the private data from\na similar device.\nHowever, that function was never used.\nBesides, though there is a lock for that list, it is never used. And when\nthe probe fails, the private data is never removed from the list. This\nwould cause a second probe to access freed memory.\nRemove the unused hook, structures and members, which will prevent the\npotential race condition on the list and its corruption during a second\nprobe when probe fails."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent module rtlwifi from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2024-58072", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-58072\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58072\nhttps://lore.kernel.org/linux-cve-announce/2025030612-CVE-2024-58072-2dc3@gregkh/T"], "statement": "The bug could happen during initialization (when probing PCI driver). The security impact is limited, because only privileged user can trigger the bug.", "threat_severity": "Moderate"}

{"created": "2025-07-12T22:23:22.405651+00:00", "updated": "2025-07-12T22:23:22.405714+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}