CVE-2024-58072
Published: 06 March 2025
Summary
CVE-2024-58072 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It is ranked at the 7.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly remediates the use-after-free vulnerability in the rtlwifi driver by applying kernel patches that remove unused structures and prevent list corruption during failed probes.
Provides kernel memory protections such as KASLR, SMAP, and other safeguards that make it harder to exploit the use-after-free by reading or writing freed memory.
Enables detection of CVE-2024-58072 in deployed Linux kernels through vulnerability scanning, facilitating timely remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local kernel use-after-free in rtlwifi driver enables exploitation for privilege escalation via arbitrary code execution (T1068) and system crashes for denial of service (T1499.004).
NVD Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of private data structures. Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match vendor version 2013.02.07") started adding the private data to that list at probe time and added a hook, check_buddy_priv to find the private data from a similar device. However, that function was never used. Besides, though there is a lock for that list, it is never used. And when the probe fails, the private data is never removed from the list. This would cause a second probe to access freed memory. Remove the unused hook, structures and members, which will prevent the potential race condition on the list and its corruption during a second probe when probe fails.
Deeper analysis
CVE-2024-58072 is a use-after-free vulnerability in the Linux kernel's rtlwifi subsystem. It arises from a global list of private data structures introduced by commit 2461c7d60f9f, with subsequent changes in commit 26634c4b1868 adding private data to the list during probe without properly removing it on failure. An unused lookup function, check_buddy_priv, and an unused lock on the list leave it vulnerable to corruption, allowing access to freed memory during a second probe attempt.
A local attacker with low privileges (AV:L/AC:L/PR:L/UI:N/S:U) can exploit this vulnerability by triggering probe operations in the rtlwifi driver that fail and retry. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), such as memory corruption, potentially leading to arbitrary code execution or system crashes, as classified under CWE-416.
Mitigation involves applying the upstream kernel patches referenced in the stable repository, including commits 006e803af740, 1b9cbd8a9ae68, 1e39b0486cdb, 2fdac64c3c358, and 465d01ef6962. These patches remove the unused check_buddy_priv hook, related structures, and members, eliminating the race condition and list corruption risk during failed probes.
Details
- CWE(s)