CVE-2024-56593
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56593
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56593.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56593
- Related
- Published
- 2024-12-27T15:15:18Z
- Modified
- 2025-01-11T13:53:28.400718Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglist_rw()
This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue.
The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglomsize, txglomsize) + max(rxglomsize, txglomsize) >> 4 + 1. Given the default [rt]xglomsize=32 it's actually 35 which is too small. Worst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB is added for each original SKB if tailroom isn't enough to hold tailpad. At least one sg entry is needed for each SKB. So, eventually the "skbqueuewalk loop" in brcmfsdiodsglistrw may run out of sg entries. This makes sgnext return NULL and this causes the oops.
The patch sets nents to max(rxglomsize, txglomsize) * 2 to be able handle the worst-case. Btw. this requires only 64-35=29 * 16 (or 20 if CONFIGNEEDSGDMALENGTH) = 464 additional bytes of memory.
- References
-
- https://git.kernel.org/stable/c/07c020c6d14d29e5a3ea4e4576b8ecf956a80834
- https://git.kernel.org/stable/c/342f87d263462c2670b77ea9a32074cab2ac6fa1
- https://git.kernel.org/stable/c/34941321b516bd7c6103bd01287d71a1804d19d3
- https://git.kernel.org/stable/c/67a25ea28f8ec1da8894f2f115d01d3becf67dc7
- https://git.kernel.org/stable/c/7522d7d745d13fbeff3350fe6aa56c8dae263571
- https://git.kernel.org/stable/c/857282b819cbaa0675aaab1e7542e2c0579f52d7
- https://git.kernel.org/stable/c/dfb3f9d3f602602de208da7bdcc0f6d5ee74af68
- https://security-tracker.debian.org/tracker/CVE-2024-56593
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
5.10.197-1
5.10.205-1
5.10.205-2
5.10.209-1
5.10.209-2
5.10.216-1
5.10.218-1
5.10.221-1
5.10.223-1
5.10.226-1
5.13.9-1~exp1
5.13.9-1~exp2
5.13.12-1~exp1
5.14-1~exp1
5.14-1~exp2
5.14.1-1~exp1
5.14.2-1~exp1
5.14.3-1~exp1
5.14.6-1
5.14.6-2
5.14.6-3
5.14.9-1
5.14.9-2~bpo11+1
5.14.9-2
5.14.12-1
5.14.16-1
5.15-1~exp1
5.15.1-1~exp1
5.15.2-1~exp1
5.15.3-1
5.15.5-1
5.15.5-2~bpo11+1
5.15.5-2
5.15.15-1
5.15.15-2~bpo11+1
5.15.15-2
5.16~rc1-1~exp1
5.16~rc3-1~exp1
5.16~rc4-1~exp1
5.16~rc5-1~exp1
5.16~rc6-1~exp1
5.16~rc7-1~exp1
5.16~rc8-1~exp1
5.16.3-1~exp1
5.16.4-1~exp1
5.16.7-1
5.16.7-2
5.16.10-1
5.16.11-1~bpo11+1
5.16.11-1
5.16.12-1~bpo11+1
5.16.12-1
5.16.14-1
5.16.18-1
5.17~rc3-1~exp1
5.17~rc4-1~exp1
5.17~rc5-1~exp1
5.17~rc6-1~exp1
5.17~rc7-1~exp1
5.17~rc8-1~exp1
5.17.1-1~exp1
5.17.3-1
5.17.6-1
5.17.11-1
5.18-1~exp1
5.18.2-1~bpo11+1
5.18.2-1
5.18.5-1
5.18.14-1~bpo11+1
5.18.14-1
5.18.16-1~bpo11+1
5.18.16-1
5.19~rc4-1~exp1
5.19~rc6-1~exp1
5.19-1~exp1
5.19.6-1
5.19.11-1~bpo11+1
5.19.11-1
6.*
6.0~rc7-1~exp1
6.0-1~exp1
6.0.2-1
6.0.3-1~bpo11+1
6.0.3-1
6.0.5-1
6.0.6-1
6.0.6-2
6.0.7-1
6.0.8-1
6.0.10-1
6.0.10-2
6.0.12-1~bpo11+1
6.0.12-1
6.0.12-1+alpha
6.1~rc3-1~exp1
6.1~rc5-1~exp1
6.1~rc6-1~exp1
6.1~rc7-1~exp1
6.1~rc8-1~exp1
6.1.1-1~exp1
6.1.1-1~exp2
6.1.2-1~exp1
6.1.4-1
6.1.7-1
6.1.8-1
6.1.8-1+sh4
6.1.11-1
6.1.12-1~bpo11+1
6.1.12-1
6.1.15-1~bpo11+1
6.1.15-1
6.1.20-1~bpo11+1
6.1.20-1
6.1.20-2~bpo11+1
6.1.20-2
6.1.25-1
6.1.27-1~bpo11+1
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
6.1.123-1
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1
6.9.8-1
6.9.9-1
6.9.10-1~bpo12+1
6.9.10-1
6.9.11-1
6.9.12-1
6.10-1~exp1
6.10.1-1~exp1
6.10.3-1
6.10.4-1
6.10.6-1~bpo12+1
6.10.6-1
6.10.7-1
6.10.9-1
6.10.11-1~bpo12+1
6.10.11-1
6.10.12-1
6.11~rc4-1~exp1
6.11~rc5-1~exp1
6.11-1~exp1
6.11.2-1
6.11.4-1
6.11.5-1~bpo12+1
6.11.5-1
6.11.6-1
6.11.7-1
6.11.9-1
6.11.10-1~bpo12+1
6.11.10-1
6.12~rc6-1~exp1
6.12.3-1
6.12.5-1
6.12.6-1
6.12.8-1
6.12.9-1
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.123-1
Affected versions
6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.12.5-1
Affected versions
6.*
6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
6.1.123-1
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1
6.8.9-1
6.8.11-1
6.8.12-1~bpo12+1
6.8.12-1
6.9.2-1~exp1
6.9.7-1~bpo12+1
6.9.7-1
6.9.8-1
6.9.9-1
6.9.10-1~bpo12+1
6.9.10-1
6.9.11-1
6.9.12-1
6.10-1~exp1
6.10.1-1~exp1
6.10.3-1
6.10.4-1
6.10.6-1~bpo12+1
6.10.6-1
6.10.7-1
6.10.9-1
6.10.11-1~bpo12+1
6.10.11-1
6.10.12-1
6.11~rc4-1~exp1
6.11~rc5-1~exp1
6.11-1~exp1
6.11.2-1
6.11.4-1
6.11.5-1~bpo12+1
6.11.5-1
6.11.6-1
6.11.7-1
6.11.9-1
6.11.10-1~bpo12+1
6.11.10-1
6.12~rc6-1~exp1
6.12.3-1