CVE-2024-58072 in Linuxinfo

Summary

by MITRE • 03/06/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: remove unused check_buddy_priv

Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures.

Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device.

However, that function was never used.

Besides, though there is a lock for that list, it is never used. And when the probe fails, the private data is never removed from the list. This would cause a second probe to access freed memory.

Remove the unused hook, structures and members, which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 02/16/2026

The vulnerability identified as CVE-2024-58072 resides within the linux kernel's rtlwifi wireless driver component, specifically addressing a memory safety issue in the handling of private data structures during device probe operations. This flaw manifests in the rtlwifi subsystem which manages Realtek wireless network adapters, creating potential security implications through improper memory management practices that could lead to system instability or exploitation.

The technical root cause stems from the introduction of a global list containing private data structures in commit 2461c7d60f9f, followed by subsequent modifications in commit 26634c4b1868 that added functionality to populate this list during device probe operations. The implementation included a hook function named check_buddy_priv designed to locate private data from similar devices, yet this function remained unused throughout the codebase. The vulnerability extends beyond the unused function to include improper memory lifecycle management where private data structures are not properly removed from the global list when probe operations fail, creating a scenario where subsequent probe attempts may access freed memory locations.

This memory corruption vulnerability creates a potential race condition scenario that aligns with CWE-362, specifically addressing concurrent execution issues where multiple threads or processes may access shared resources without proper synchronization. The absence of proper locking mechanisms for the global list, combined with the failure to clean up memory structures during probe failures, establishes a path for memory corruption that could be exploited through malicious device probe sequences. The issue particularly affects the rtlwifi driver's ability to maintain consistent state during device initialization and reinitialization scenarios, as demonstrated by the potential for second probe operations to access freed memory locations.

The operational impact of this vulnerability extends beyond simple memory corruption to potentially enable privilege escalation or denial of service conditions within the kernel space. When device probe operations fail and private data structures remain in the global list, subsequent probe attempts may trigger use-after-free conditions that could be leveraged by attackers to execute arbitrary code with kernel privileges. This vulnerability affects systems running affected kernel versions where the rtlwifi driver is active, particularly impacting wireless network functionality and system stability during device enumeration and reconnection scenarios.

Mitigation strategies should focus on applying the kernel patch that removes the unused check_buddy_priv hook along with the associated structures and members, effectively eliminating the race condition and memory corruption vectors. System administrators should prioritize kernel updates to versions containing the fix, as this vulnerability represents a fundamental memory safety issue that could be exploited to compromise system integrity. The remediation addresses the root cause by ensuring proper cleanup of private data structures during probe failures and removing unused code paths that could potentially be leveraged by attackers. Organizations should also implement monitoring for unusual wireless device probe behavior and maintain up-to-date kernel security patches to prevent exploitation of similar memory corruption vulnerabilities in other kernel subsystems. The fix aligns with ATT&CK technique T1068 by addressing kernel-level privilege escalation vectors through proper memory management practices.

Responsible

Linux

Reservation

03/06/2025

Disclosure

03/06/2025

Moderation

accepted

CPE

ready

EPSS

0.00188

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!