CVE-2024-27048: wifi: brcm80211: handle pmk_op allocation failure
First published: Wed May 01 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.6.23 | 6.6.23 |
| redhat/kernel | <6.7.11 | 6.7.11 |
| redhat/kernel | <6.8.2 | 6.8.2 |
| redhat/kernel | <6.9 | 6.9 |
| Linux Kernel | >=6.4<6.6.23 | |
| Linux Kernel | >=6.7<6.7.11 | |
| Linux Kernel | >=6.8<6.8.2 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.10-1 6.12.11-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6138a82f3bccfc67ed7ac059493579fc326c02e5
- https://git.kernel.org/stable/c/9975908315c13bae2f2ed5ba92870fa935180b0e
- https://git.kernel.org/stable/c/b4152222e04cb8afeeca239c90e3fcaf4c553b42
- https://git.kernel.org/stable/c/df62e22c2e27420e8990a4f09e30d7bf56c2036f
- https://launchpad.net/bugs/cve/CVE-2024-27048
- https://access.redhat.com/security/cve/CVE-2024-27048
- https://lore.kernel.org/linux-cve-announce/2024050114-CVE-2024-27048-016f@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2278432
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:3627
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2278431
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27048
- https://nvd.nist.gov/vuln/detail/CVE-2024-27048
- https://security-tracker.debian.org/tracker/CVE-2024-27048
- https://ubuntu.com/security/CVE-2024-27048
- https://git.kernel.org/linus/b4152222e04cb8afeeca239c90e3fcaf4c553b42
Frequently Asked Questions
What is the severity of CVE-2024-27048?
CVE-2024-27048 is classified as a high severity vulnerability due to the potential for null pointer dereference leading to denial of service.
How do I fix CVE-2024-27048?
To fix CVE-2024-27048, update the Linux kernel to version 6.6.23, 6.7.11, 6.8.2, or 6.9 for Red Hat systems or the appropriate patched version for Debian based systems.
Which kernel versions are affected by CVE-2024-27048?
CVE-2024-27048 affects Linux kernel versions prior to 6.6.23, 6.7.11, 6.8.2, and 6.9.
What type of issue is CVE-2024-27048?
CVE-2024-27048 is a memory allocation issue in the Linux kernel's brcm80211 wifi driver.
Can CVE-2024-27048 lead to remote exploits?
CVE-2024-27048 does not lead to remote code execution but can cause denial of service due to system crashes.
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-27048
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/trending
- agent/remedy
- agent/severity
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.4
- version/linux kernel/6.7
- version/linux kernel/6.8
- package-manager/debian