CVE-2024-38575

Updated: 2024-08-13 02:04:48.848628

Description:

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 4.4

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 4.4 MEDIUM Ignored 2024-08-13 14:24:46
AlmaLinux 9.2 FIPS kernel 5.14.0 4.4 MEDIUM Ignored 2024-08-13 14:24:46
CentOS 6 ELS kernel 2.6.32 4.4 MEDIUM Ignored 2024-08-13 14:24:47
CentOS 7 ELS kernel 3.10.0 4.4 MEDIUM Ignored 2024-08-13 14:24:46
CentOS 8.4 ELS kernel 4.18.0 4.4 MEDIUM Ignored 2024-08-20 05:25:45
CentOS 8.5 ELS kernel 4.18.0 4.4 MEDIUM Ignored 2024-08-20 05:25:46
CentOS Stream 8 ELS kernel 4.18.0 4.4 MEDIUM Ignored 2024-08-20 05:25:45
CloudLinux 6 ELS kernel 2.6.32 4.4 MEDIUM Ignored 2024-08-13 14:24:47
CloudLinux 7 ELS kernel 3.10.0 4.4 MEDIUM Ignored 2024-08-13 14:24:46
Oracle Linux 6 ELS kernel 2.6.32 4.4 MEDIUM Ignored 2024-08-13 14:24:46