CVE-2024-56593
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-56593 is a Linux kernel vulnerability affecting the brcmfmac driver. The issue arises from a NULL pointer dereference in the function brcmf_sdiod_sglist_rw(). This occurs when a large number of queued SKBs are sent from the pkt queue and the pre-allocated sgtable does not have enough entries due to a calculation error. Consequently, the skb_queue_walk loop may run out of sg entries, resulting in a NULL pointer and an oops. The patch resolves this issue by increasing the number of pre-allocated sgtable entries to handle worst-case scenarios. Specifically, nents is set to max(rxglom_size, txglom_size) * 2, requiring only approximately 464 additional bytes of memory.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.