CVE-2024-27048

MEDIUM5.5

wifi: brcm80211: handle pmk_op allocation failure

Published May 1, 2024

Modified 8 months ago

No fix available

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcm80211: handle pmk_op allocation failure

The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen.

Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op.

References

WEBhttps://git.kernel.org/stable/c/6138a82f3bccfc67ed7ac059493579fc326c02e5 WEBhttps://git.kernel.org/stable/c/9975908315c13bae2f2ed5ba92870fa935180b0e WEBhttps://git.kernel.org/stable/c/b4152222e04cb8afeeca239c90e3fcaf4c553b42 WEBhttps://git.kernel.org/stable/c/df62e22c2e27420e8990a4f09e30d7bf56c2036f ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2024-27048

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 1, 2024

ModifiedMay 4, 2025