CVE-2024-58072
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures. Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device. However, that function was never used. Besides, though there is a lock for that list, it is never used. And when the probe fails, the private data is never removed from the list. This would cause a second probe to access freed memory. Remove the unused hook, structures and members, which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-20518.html
Vendor advisory: alma — https://bugzilla.redhat.com/2383441
Vendor advisory: alma — https://bugzilla.redhat.com/2376076
Vendor advisory: alma — https://bugzilla.redhat.com/2369184
Vendor advisory: alma — https://bugzilla.redhat.com/2363380
Vendor advisory: alma — https://bugzilla.redhat.com/2360215
Vendor advisory: alma — https://bugzilla.redhat.com/2351633
Vendor advisory: alma — https://bugzilla.redhat.com/2351629
Vendor advisory: alma — https://bugzilla.redhat.com/2351625
Vendor advisory: alma — https://bugzilla.redhat.com/2351624
Vendor advisory: alma — https://bugzilla.redhat.com/2351620
Vendor advisory: alma — https://bugzilla.redhat.com/2351618
Vendor advisory: alma — https://bugzilla.redhat.com/2351616
Vendor advisory: alma — https://bugzilla.redhat.com/2351613
Vendor advisory: alma — https://bugzilla.redhat.com/2351612
Vendor advisory: alma — https://bugzilla.redhat.com/2351608
Vendor advisory: alma — https://bugzilla.redhat.com/2351606
Vendor advisory: alma — https://bugzilla.redhat.com/2350726
Vendor advisory: alma — https://bugzilla.redhat.com/2350725
Vendor advisory: alma — https://bugzilla.redhat.com/2350589
Vendor advisory: alma — https://bugzilla.redhat.com/2350585
Vendor advisory: alma — https://bugzilla.redhat.com/2350400
Vendor advisory: alma — https://bugzilla.redhat.com/2350397
Vendor advisory: alma — https://bugzilla.redhat.com/2350396
Vendor advisory: alma — https://bugzilla.redhat.com/2350392
Vendor advisory: alma — https://bugzilla.redhat.com/2350388
Vendor advisory: alma — https://bugzilla.redhat.com/2350386
Vendor advisory: alma — https://bugzilla.redhat.com/2350375
Vendor advisory: alma — https://bugzilla.redhat.com/2350374
Vendor advisory: alma — https://bugzilla.redhat.com/2350367
Vendor advisory: alma — https://bugzilla.redhat.com/2350363
Vendor advisory: alma — https://bugzilla.redhat.com/2348901
Vendor advisory: alma — https://bugzilla.redhat.com/2348654
Vendor advisory: alma — https://bugzilla.redhat.com/2348650
Vendor advisory: alma — https://bugzilla.redhat.com/2348645
Vendor advisory: alma — https://bugzilla.redhat.com/2348634
Vendor advisory: alma — https://bugzilla.redhat.com/2348625
Vendor advisory: alma — https://bugzilla.redhat.com/2348620
Vendor advisory: alma — https://bugzilla.redhat.com/2348615
Vendor advisory: alma — https://bugzilla.redhat.com/2348601
Vendor advisory: alma — https://bugzilla.redhat.com/2348600
Vendor advisory: alma — https://bugzilla.redhat.com/2348597
Vendor advisory: alma — https://bugzilla.redhat.com/2348595
Vendor advisory: alma — https://bugzilla.redhat.com/2348587
Vendor advisory: alma — https://bugzilla.redhat.com/2348585
Vendor advisory: alma — https://bugzilla.redhat.com/2348584
Vendor advisory: alma — https://bugzilla.redhat.com/2348581
Vendor advisory: alma — https://bugzilla.redhat.com/2348578
Vendor advisory: alma — https://bugzilla.redhat.com/2348577
Vendor advisory: alma — https://bugzilla.redhat.com/2348574
Vendor advisory: alma — https://bugzilla.redhat.com/2348573
Vendor advisory: alma — https://bugzilla.redhat.com/2348566
Vendor advisory: alma — https://bugzilla.redhat.com/2348556
Vendor advisory: alma — https://bugzilla.redhat.com/2348554
Vendor advisory: alma — https://bugzilla.redhat.com/2348550
Vendor advisory: alma — https://bugzilla.redhat.com/2348547
Vendor advisory: alma — https://bugzilla.redhat.com/2348543
Vendor advisory: alma — https://bugzilla.redhat.com/2348541
Vendor advisory: alma — https://bugzilla.redhat.com/2348528
Vendor advisory: alma — https://bugzilla.redhat.com/2348523
Vendor advisory: alma — https://bugzilla.redhat.com/2348515
Vendor advisory: alma — https://bugzilla.redhat.com/2348279
Vendor advisory: alma — https://bugzilla.redhat.com/2348240
Vendor advisory: alma — https://bugzilla.redhat.com/2348238
Vendor advisory: alma — https://bugzilla.redhat.com/2348071
Vendor advisory: alma — https://bugzilla.redhat.com/2348022
Vendor advisory: alma — https://bugzilla.redhat.com/2347968
Vendor advisory: alma — https://bugzilla.redhat.com/2347919
Vendor advisory: alma — https://bugzilla.redhat.com/2347859
Vendor advisory: alma — https://bugzilla.redhat.com/2347807
Vendor advisory: alma — https://bugzilla.redhat.com/2347781
Vendor advisory: alma — https://bugzilla.redhat.com/2347759
Vendor advisory: alma — https://bugzilla.redhat.com/2347753
Vendor advisory: alma — https://bugzilla.redhat.com/2347707
Vendor advisory: alma — https://bugzilla.redhat.com/2346272
Vendor advisory: alma — https://bugzilla.redhat.com/2345240
Vendor advisory: alma — https://bugzilla.redhat.com/2344687
Vendor advisory: alma — https://bugzilla.redhat.com/2344684
Vendor advisory: alma — https://bugzilla.redhat.com/2343175
Vendor advisory: alma — https://bugzilla.redhat.com/2343172
Vendor advisory: alma — https://bugzilla.redhat.com/2338832
Vendor advisory: alma — https://bugzilla.redhat.com/2338828
Vendor advisory: alma — https://bugzilla.redhat.com/2338814
Vendor advisory: alma — https://bugzilla.redhat.com/2337124
Vendor advisory: alma — https://bugzilla.redhat.com/2337121
Vendor advisory: alma — https://bugzilla.redhat.com/2336541
Vendor advisory: alma — https://bugzilla.redhat.com/2334829
Vendor advisory: alma — https://bugzilla.redhat.com/2334795
Vendor advisory: alma — https://bugzilla.redhat.com/2334676
Vendor advisory: alma — https://bugzilla.redhat.com/2334560
Vendor advisory: alma — https://bugzilla.redhat.com/2334548
Vendor advisory: alma — https://bugzilla.redhat.com/2334547
Vendor advisory: alma — https://bugzilla.redhat.com/2334537
Vendor advisory: alma — https://bugzilla.redhat.com/2334439
Vendor advisory: alma — https://bugzilla.redhat.com/2334415
Vendor advisory: alma — https://bugzilla.redhat.com/2334396
Vendor advisory: alma — https://bugzilla.redhat.com/2334357
Vendor advisory: alma — https://bugzilla.redhat.com/2331326
Vendor advisory: alma — https://bugzilla.redhat.com/2330341
Vendor advisory: alma — https://bugzilla.redhat.com/2329918
Vendor advisory: alma — https://bugzilla.redhat.com/2327887
Vendor advisory: alma — https://bugzilla.redhat.com/2327374
Vendor advisory: alma — https://bugzilla.redhat.com/2327203
Vendor advisory: alma — https://bugzilla.redhat.com/2324549
Vendor advisory: alma — https://bugzilla.redhat.com/2320722
Vendor advisory: alma — https://bugzilla.redhat.com/2320616
Vendor advisory: alma — https://bugzilla.redhat.com/2320455
Vendor advisory: alma — https://bugzilla.redhat.com/2320259
Vendor advisory: alma — https://bugzilla.redhat.com/2320172
Vendor advisory: alma — https://bugzilla.redhat.com/2313092
Vendor advisory: alma — https://bugzilla.redhat.com/2312077
Vendor advisory: alma — https://bugzilla.redhat.com/2298169
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-58072
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:20518
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-58072.html
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:20518
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| rocky | 9 | fixed | |
| debian | bookworm | fixed | 6.1.129-1 |
| debian | bullseye | fixed | 5.10.237-1 |
| debian | forky | fixed | 6.12.13-1 |
| debian | sid | fixed | 6.12.13-1 |
| debian | trixie | fixed | 6.12.13-1 |
| linux-kernel | affected | 5.4.291 | |
| almalinux | 9 | fixed | kernel-doc-5.14.0-611.5.1.el9_7.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2025:20518
- https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154
- https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9
- https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4
- https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120
- https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1
- https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee
- https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a
- https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://www.suse.com/security/cve/CVE-2024-58072.html
- https://errata.rockylinux.org/RLSA-2025:20518
- https://security-tracker.debian.org/tracker/CVE-2024-58072
- https://bugzilla.redhat.com/2298169
- https://bugzilla.redhat.com/2312077
- https://bugzilla.redhat.com/2313092
- https://bugzilla.redhat.com/2320172
- https://bugzilla.redhat.com/2320259
- https://bugzilla.redhat.com/2320455
- https://bugzilla.redhat.com/2320616
- https://bugzilla.redhat.com/2320722
- https://bugzilla.redhat.com/2324549
- https://bugzilla.redhat.com/2327203
CWEs
CWE-416
Verify integrity in audit chain (admin only). AS-IS.