CVE-2024-58063

wifi: rtlwifi: fix memory leaks and invalid access at probe error path

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory will be leaked. Remove pci_set_drvdata call as it will already be cleaned up by the core driver code and could lead to memory leaks too. cf. commit 8d450935ae7f ("wireless: rtlwifi: remove unnecessary pci_set_drvdata()") and commit 3d86b93064c7 ("rtlwifi: Fix PCI probe error path orphaned memory").

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/85b67b4c4a0f8a6fb20cf4ef7684ff2b0cf559df patch
https://git.kernel.org/stable/c/455e0f40b5352186a9095f2135d5c89255e7c39a patch
https://git.kernel.org/stable/c/b96371339fd9cac90f5ee4ac17ee5c4cbbdfa6f7 patch
https://git.kernel.org/stable/c/ee0b0d7baa8a6d42c7988f6e50c8f164cdf3fa47 patch
https://git.kernel.org/stable/c/624cea89a0865a2bc3e00182a6b0f954a94328b4 patch
https://git.kernel.org/stable/c/32acebca0a51f5e372536bfdc0d7d332ab749013 patch
https://git.kernel.org/stable/c/6b76bab5c257463302c9e97f5d84d524457468eb patch
https://git.kernel.org/stable/c/e7ceefbfd8d447abc8aca8ab993a942803522c06 patch

Frequently Asked Questions

What is the severity of CVE-2024-58063?
CVE-2024-58063 has been scored as a medium severity vulnerability.
How to fix CVE-2024-58063?
To fix CVE-2024-58063, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-58063 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-58063 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-58063?
CVE-2024-58063 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.