CVE-2024-58072Use After Free in Linux

CWE-416Use After Free89 documents6 sources
Severity
7.8HIGHNVD
OSV8.8OSV7.1OSV5.9OSV5.5
EPSS
0.0%
top 92.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 6
Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures. Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device. However, that function was never used

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel3.105.4.291+6
Debianlinux/linux_kernel< 5.10.237-1+3
Ubuntulinux/linux_kernel< 5.4.0-216.236+2
CVEListV5linux/linux26634c4b1868323f49f8cd24c3493b57819867fdf801e754efa21bd61b3cc15ec7565696165b272f+8
debiandebian/linux< linux 6.1.129-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

44
OSV
linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities2025-09-03
OSV
linux-raspi vulnerabilities2025-07-24
OSV
linux-raspi-realtime vulnerabilities2025-07-24
OSV
linux-gcp, linux-gcp-6.8 vulnerabilities2025-07-22
OSV
linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities2025-07-22

📋Vendor Advisories

44
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-03
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-07-24
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-07-24
Ubuntu
Linux kernel (GCP) vulnerabilities2025-07-22
Ubuntu
Linux kernel vulnerabilities2025-07-22