CVE-2024-58014
Published: 27 February 2025
Summary
CVE-2024-58014 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 1.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-58014 is a vulnerability in the Linux kernel's brcmsmac WiFi driver, specifically within the wlc_phy_iqcal_gainparams_nphy() function. The issue stems from a missing gain range check, which could lead to an out-of-bounds read access to the tbl_iqcal_gainparams_nphy array. This flaw, classified under CWE-125 (Out-of-bounds Read), carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high severity due to potential confidentiality and availability impacts.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation could result in high confidentiality loss, such as unauthorized access to sensitive data, and high availability disruption, potentially causing denial of service through kernel crashes or instability.
Mitigation is provided through patches applied to stable Linux kernel versions, as detailed in kernel commit references including 093286c33409bf38896f2dab0c0bb6ca388afb33, 0a457223cb2b9ca46bae7de387d0f4c093b0220d, 13ef16c4fe384b1e70277bbe1d87934ee6c81e12, 3f4a0948c3524ae50f166dbc6572a3296b014e62, and 6f6e293246dc1f5b2b6b3d0f2d757598489cda79. These commits add the necessary gain range check before accessing the array, redirecting invalid cases to a WARN() instead.
The vulnerability was identified by the Linux Verification Center (linuxtesting.org) using the SVACE static analysis tool, with patches compile-tested only. No public reports of real-world exploitation exist as of the CVE publication on 2025-02-27.
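The bug class described above, as an added userspace model that is not the driver's code: a table lookup whose index can end up one past the last row, next to the same lookup with the range check in place. The table contents, `NUM_GAINS`, the function names and the search-then-index shape are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_GAINS 4 /* constructed size, not the driver's */

/* Constructed table: column 0 is a gain code, column 1 its parameter. */
static const unsigned short gain_tbl[NUM_GAINS][2] = {
    {0x10, 7}, {0x20, 5}, {0x30, 3}, {0x40, 1},
};

/* Returns the matching row, or NUM_GAINS when no row matches. */
static size_t find_gain(unsigned short gain)
{
    size_t i;
    for (i = 0; i < NUM_GAINS; i++)
        if (gain_tbl[i][0] == gain)
            break;
    return i;
}

/* Unchecked: an unmatched gain leaves idx == NUM_GAINS, so the read
 * below lands one row past the end of gain_tbl (CWE-125). */
static int lookup_unchecked(unsigned short gain, unsigned short *out)
{
    size_t idx = find_gain(gain);
    *out = gain_tbl[idx][1];
    return 0;
}

/* Checked: reject the out-of-range index before touching the table.
 * fprintf() stands in for the kernel's WARN() in this userspace model. */
static int lookup_checked(unsigned short gain, unsigned short *out)
{
    size_t idx = find_gain(gain);
    if (idx >= NUM_GAINS) {
        fprintf(stderr, "WARN: gain 0x%x not in table\n", (unsigned)gain);
        return -1;
    }
    *out = gain_tbl[idx][1];
    return 0;
}

int main(void)
{
    unsigned short v = 0;
    lookup_unchecked(0x20, &v); /* in range, so this call is safe */
    printf("checked(0x99) = %d\n", lookup_checked(0x99, &v));
    return 0;
}
```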
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5208
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OOB read enables local kernel memory disclosure (T1005) and system crash/DoS via driver exploitation (T1499.004).
Mitigating Controls (NIST 800-53 r5)
Directly requires timely remediation of software flaws like the out-of-bounds read in the Linux kernel's brcmsmac WiFi driver by applying upstream patches.
Vulnerability scanning and monitoring identifies systems with unpatched Linux kernels vulnerable to CVE-2024-58014 in the brcmsmac driver.
System monitoring detects indicators of exploitation such as kernel crashes or anomalous driver behavior from out-of-bounds reads in wlc_phy_iqcal_gainparams_nphy().