medium
5.5
CWE
401
Advisory Published
Updated

CVE-2024-58063: wifi: rtlwifi: fix memory leaks and invalid access at probe error path

First published: Thu Mar 06 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked. Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit 8d450935ae7f ("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory").

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=2.6.38<5.4.291
Linux Kernel>=5.5<5.10.235
Linux Kernel>=5.11<5.15.179
Linux Kernel>=5.16<6.1.129
Linux Kernel>=6.2<6.6.76
Linux Kernel>=6.7<6.12.13
Linux Kernel>=6.13<6.13.2

Remedy

https://git.kernel.org/stable/c/32acebca0a51f5e372536bfdc0d7d332ab749013

Remedy

https://git.kernel.org/stable/c/455e0f40b5352186a9095f2135d5c89255e7c39a

Remedy

https://git.kernel.org/stable/c/624cea89a0865a2bc3e00182a6b0f954a94328b4

Remedy

https://git.kernel.org/stable/c/6b76bab5c257463302c9e97f5d84d524457468eb

Remedy

https://git.kernel.org/stable/c/85b67b4c4a0f8a6fb20cf4ef7684ff2b0cf559df

Remedy

https://git.kernel.org/stable/c/b96371339fd9cac90f5ee4ac17ee5c4cbbdfa6f7

Remedy

https://git.kernel.org/stable/c/e7ceefbfd8d447abc8aca8ab993a942803522c06

Remedy

https://git.kernel.org/stable/c/ee0b0d7baa8a6d42c7988f6e50c8f164cdf3fa47

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-58063?

    CVE-2024-58063 has been classified as low severity due to its nature of memory leaks and invalid access that primarily affects system stability.

  • How do I fix CVE-2024-58063?

    To mitigate CVE-2024-58063, ensure your Linux kernel is updated to the latest stable version where this vulnerability has been resolved.

  • What systems are affected by CVE-2024-58063?

    CVE-2024-58063 affects Linux kernel versions utilized in various distributions that include rtlwifi drivers.

  • What is the impact of CVE-2024-58063?

    The impact of CVE-2024-58063 includes potential memory leaks and unstable behavior when the probe process fails.

  • Is CVE-2024-58063 remotely exploitable?

    CVE-2024-58063 is not considered remotely exploitable as it primarily affects internal memory management during driver initialization.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203