cve/2024/CVE-2024-38575.md

### [CVE-2024-38575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38575)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=c35105f375b5%3C%200eb2c0528e23%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:wifi: brcmfmac: pcie: handle randbuf allocation failureThe kzalloc() in brcmf_pcie_download_fw_nvram() will return nullif the physical memory has run out. As a result, if we useget_random_bytes() to generate random bytes in the randbuf, thenull pointer dereference bug will happen.In order to prevent allocation failure, this patch adds a separatefunction using buffer on kernel stack to generate random bytes inthe randbuf, which could prevent the kernel stack from overflow.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/owenneal/lkml-patch-analysis