CVE-2024-58072
Published: 06 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2024-58072 is a use-after-free vulnerability in the Linux kernel's rtlwifi subsystem. It arises from a global list of private data structures introduced by commit 2461c7d60f9f, with subsequent changes in commit 26634c4b1868 adding private data to the list during probe without properly removing it on failure. An unused lookup function, check_buddy_priv, and an unused lock on the list leave it vulnerable to corruption, allowing access to freed memory during a second probe attempt.
A local attacker with low privileges (AV:L/AC:L/PR:L/UI:N/S:U) can exploit this vulnerability by triggering probe operations in the rtlwifi driver that fail and retry. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), such as memory corruption, potentially leading to arbitrary code execution or system crashes, as classified under CWE-416.
Mitigation involves applying the upstream kernel patches referenced in the stable repository, including commits 006e803af740, 1b9cbd8a9ae68, 1e39b0486cdb, 2fdac64c3c358, and 465d01ef6962. These patches remove the unused check_buddy_priv hook, related structures, and members, eliminating the race condition and list corruption risk during failed probes.
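The failure mode described in the summary, as an added example that is not rtlwifi or kernel code: a user-space C model in which a probe links its private data into a global list and a failing probe then releases it. All names (`struct priv`, `glist`, `probe`, the slot allocator) are hypothetical, and freeing is modelled by clearing a flag so the stale entry can be observed without touching released memory. Unlinking on the error path appears only as a contrast to the flawed path; the upstream patches remove the list altogether.

```c
#include <stdio.h>
/* Constructed user-space model; every name below is hypothetical. */
#define NSLOTS 4
struct priv { struct priv *next; int in_use; };
static struct priv slots[NSLOTS]; /* stand-in allocator: "free" only clears in_use */
static struct priv *glist;        /* global list shared by every probe */

static struct priv *slot_alloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!slots[i].in_use) { slots[i].in_use = 1; return &slots[i]; }
    return NULL;
}
static void glist_del(struct priv *p) {
    for (struct priv **pp = &glist; *pp; pp = &(*pp)->next)
        if (*pp == p) { *pp = p->next; return; }
}

/* Probe links priv into the list early; a later init step may fail. */
static int probe(int init_fails, int unlink_on_error) {
    struct priv *p = slot_alloc();
    if (!p) return -1;
    p->next = glist; glist = p;
    if (init_fails) {
        if (unlink_on_error) glist_del(p); /* the step the flawed error path lacks */
        p->in_use = 0;                     /* models freeing priv */
        return -1;
    }
    return 0;
}

/* Count nodes still reachable from the list whose storage was released. */
static int stale_entries(void) {
    int n = 0, steps = 0;
    for (struct priv *p = glist; p && steps < NSLOTS; p = p->next, steps++)
        n += !p->in_use;
    return n;
}

/* One failed probe, then what a second probe's list walk would reach. */
static int stale_after_failed_probe(int unlink_on_error) {
    glist = NULL;
    for (int i = 0; i < NSLOTS; i++) slots[i].in_use = 0;
    probe(1, unlink_on_error);
    return stale_entries();
}

int main(void) {
    printf("no unlink: %d stale, unlink: %d stale\n", stale_after_failed_probe(0), stale_after_failed_probe(1));
    return 0;
}
```

A non-zero count after the failed probe is the condition the summary describes: the list still references private data that the failed probe already released.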
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel use-after-free in the rtlwifi driver enables exploitation for privilege escalation via arbitrary code execution (T1068) and system crashes for denial of service (T1499.004).