### [CVE-2024-38575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=91918ce88d9fef408bb12c46a27c73d79b604c20%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=ba72baed066f3bfa8b489e4b58f1fcaf51c04f83%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=c35105f375b530bc27e03ea9250b1c26dd4cae86%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: pcie: handle randbuf allocation failure

The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen.

In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/owenneal/lkml-patch-analysis