ghsa-vp5v-47wj-p5r2
Vulnerability from github
Published
2025-03-06 18:31
Modified
2025-11-03 21:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: fix memory leaks and invalid access at probe error path

Deinitialize at reverse order when probe fails.

When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue.

And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked.

Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit 8d450935ae7f ("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory").

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-58063"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-06T16:15:52Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtlwifi: fix memory leaks and invalid access at probe error path\n\nDeinitialize at reverse order when probe fails.\n\nWhen init_sw_vars fails, rtl_deinit_core should not be called, specially\nnow that it destroys the rtl_wq workqueue.\n\nAnd call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be\nleaked.\n\nRemove pci_set_drvdata call as it will already be cleaned up by the core\ndriver code and could lead to memory leaks too. cf. commit 8d450935ae7f\n(\"wireless: rtlwifi: remove unnecessary pci_set_drvdata()\") and\ncommit 3d86b93064c7 (\"rtlwifi: Fix PCI probe error path orphaned memory\").",
  "id": "GHSA-vp5v-47wj-p5r2",
  "modified": "2025-11-03T21:33:07Z",
  "published": "2025-03-06T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58063"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/32acebca0a51f5e372536bfdc0d7d332ab749013"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/455e0f40b5352186a9095f2135d5c89255e7c39a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/624cea89a0865a2bc3e00182a6b0f954a94328b4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6b76bab5c257463302c9e97f5d84d524457468eb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/85b67b4c4a0f8a6fb20cf4ef7684ff2b0cf559df"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b96371339fd9cac90f5ee4ac17ee5c4cbbdfa6f7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e7ceefbfd8d447abc8aca8ab993a942803522c06"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee0b0d7baa8a6d42c7988f6e50c8f164cdf3fa47"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.