Cyber Resilience

CVE-2024-58014

HighUpdated

Published: 27 February 2025

Published
27 February 2025
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0001 1.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-58014 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 1.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-58014 is a vulnerability in the Linux kernel's brcmsmac WiFi driver, specifically within the wlc_phy_iqcal_gainparams_nphy() function. The issue stems from a missing gain range check, which could lead to an out-of-bounds read access to the tbl_iqcal_gainparams_nphy array. This flaw, classified under CWE-125 (Out-of-bounds Read), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high severity due to potential confidentiality and availability impacts.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high confidentiality loss, such as unauthorized access to sensitive data, and high availability disruption, potentially causing denial of service through kernel crashes or instability.

Mitigation is provided through patches applied to stable Linux kernel versions, as detailed in kernel commit references including 093286c33409bf38896f2dab0c0bb6ca388afb33, 0a457223cb2b9ca46bae7de387d0f4c093b0220d, 13ef16c4fe384b1e70277bbe1d87934ee6c81e12, 3f4a0948c3524ae50f166dbc6572a3296b014e62, and 6f6e293246dc1f5b2b6b3d0f2d757598489cda79. These commits add the necessary gain range check before accessing the array, redirecting invalid cases to a WARN() instead.

The vulnerability was identified by the Linux Verification Center (linuxtesting.org) using the SVACE static analysis tool, with patches compile-tested only. No public reports of real-world exploitation exist as of the CVE publication on 2025-02-27.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center…

more

(linuxtesting.org) with SVACE.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

OOB read enables local kernel memory disclosure (T1005) and system crash/DoS via driver exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31513Same product: Linux Linux Kernel
CVE-2025-21789Same product: Linux Linux Kernel
CVE-2025-21741Same product: Linux Linux Kernel
CVE-2024-52332Same product: Linux Linux Kernel
CVE-2025-21742Same product: Linux Linux Kernel
CVE-2025-71231Same product: Linux Linux Kernel
CVE-2024-58015Same product: Linux Linux Kernel
CVE-2026-23187Same product: Linux Linux Kernel
CVE-2025-71093Same product: Linux Linux Kernel
CVE-2026-23315Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
3.2 — 5.4.291 · 5.5 — 5.10.235 · 5.11 — 5.15.179

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of software flaws like the out-of-bounds read in the Linux kernel's brcmsmac WiFi driver by applying upstream patches.

detect

Vulnerability scanning and monitoring identifies systems with unpatched Linux kernels vulnerable to CVE-2024-58014 in the brcmsmac driver.

detect

System monitoring detects indicators of exploitation such as kernel crashes or anomalous driver behavior from out-of-bounds reads in wlc_phy_iqcal_gainparams_nphy().

References