mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.4 KiB
1.4 KiB
CVE-2024-38575
Description
In the Linux kernel, the following vulnerability has been resolved:wifi: brcmfmac: pcie: handle randbuf allocation failureThe kzalloc() in brcmf_pcie_download_fw_nvram() will return nullif the physical memory has run out. As a result, if we useget_random_bytes() to generate random bytes in the randbuf, thenull pointer dereference bug will happen.In order to prevent allocation failure, this patch adds a separatefunction using buffer on kernel stack to generate random bytes inthe randbuf, which could prevent the kernel stack from overflow.
POC
Reference
No PoCs from references.