CVE-2024-58072
📋 TL;DR
This CVE describes a use-after-free vulnerability in the Linux kernel's rtlwifi driver. When a WiFi device probe fails, private data structures aren't properly removed from a global list, potentially allowing access to freed memory during subsequent probe attempts. This affects Linux systems using Realtek WiFi hardware with the vulnerable driver.
💻 Affected Systems
- Linux kernel with rtlwifi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash leading to denial of service, with potential for privilege escalation if an attacker can control the freed memory region.
Likely Case
System instability or crashes when WiFi hardware initialization fails, particularly during driver reloads or hardware resets.
If Mitigated
No impact if the vulnerable driver isn't loaded or if WiFi hardware probes succeed consistently.
🎯 Exploit Status
Exploitation requires local access and ability to trigger WiFi device probe failures. No public exploits are known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions with commit 006e803af7408c3fc815b0654fc5ab43d34f0154 or later
Vendor Advisory: https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commit.
2. For distributions: Use package manager to update kernel package.
3. Rebuild kernel if using custom kernel.
4. No reboot required for driver-only updates, but kernel update may require reboot.
🔧 Temporary Workarounds
Disable rtlwifi driver
(all) Prevent loading of the vulnerable driver module
echo 'blacklist rtlwifi' >> /etc/modprobe.d/blacklist-rtlwifi.conf
rmmod rtlwifi
Use alternative WiFi driver
(linux) Switch to alternative Realtek driver if available
modprobe -r rtlwifi
modprobe rtl8xxxu
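A check for the "Disable rtlwifi driver" workaround, as an added example that is not part of the original advisory: a `blacklist` line only suppresses alias-based autoloading, so rtlwifi can still be pulled in by modprobe as a dependency of a chip-specific module, and `rmmod rtlwifi` is refused while such modules hold it. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit how rtlwifi is blocked and what uses it.

# Reads modprobe.d-style config text on stdin; prints
# hard-blocked | blacklist-only | not-blocked for module $1 (default rtlwifi).
block_state() {
    awk -v mod="${1:-rtlwifi}" '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == "blacklist" && $2 == mod { bl = 1 }    # stops alias autoload only
        # "install <mod> /bin/false" makes modprobe fail every load of <mod>,
        # including loads requested as a dependency of another module.
        $1 == "install" && $2 == mod && $3 ~ /\/(false|true)$/ { hard = 1 }
        END { print (hard ? "hard-blocked" : (bl ? "blacklist-only" : "not-blocked")) }'
}

# Reads lsmod output on stdin; prints the modules holding a reference on $1,
# one per line. A non-empty result means a plain "rmmod rtlwifi" is refused.
module_users() {
    awk -v mod="${1:-rtlwifi}" '$1 == mod && NF >= 4 { gsub(",", "\n", $4); print $4 }'
}

# Constructed sample inputs (on a live host: cat /etc/modprobe.d/*.conf and lsmod).
SAMPLE_CONF='# constructed sample
blacklist rtlwifi'
SAMPLE_LSMOD='Module                  Size  Used by
rtl8192ce              81920  0
rtl_pci                32768  1 rtl8192ce
rtlwifi                98304  2 rtl_pci,rtl8192ce
mac80211             1200000  3 rtl_pci,rtlwifi,rtl8192ce'

printf 'block state: %s\n' "$(printf '%s\n' "$SAMPLE_CONF" | block_state)"
printf 'in use by:   %s\n' "$(printf '%s\n' "$SAMPLE_LSMOD" | module_users | tr '\n' ' ')"
```

A `blacklist-only` result together with a non-empty user list means the workaround has not taken effect on that host.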
🧯 If You Can't Patch
- Disable WiFi hardware if not required
- Use USB WiFi adapter with different driver
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if rtlwifi module is loaded: lsmod | grep rtlwifi && uname -r
Check Version:
uname -r
Verify Fix Applied:
Verify the kernel source tree includes the fix commit (run inside the source tree): git log --no-abbrev-commit --oneline | grep -i '006e803af7408c3fc815b0654fc5ab43d34f0154'
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- 'BUG: unable to handle kernel paging request' in dmesg
- WiFi driver probe failure logs
Network Indicators:
- Unexpected WiFi interface disappearance
- Failed WiFi connection attempts
SIEM Query:
source="kernel" AND ("rtlwifi" OR "use-after-free" OR "BUG:")
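The log indicators above, applied with ordering taken into account, as an added example that is not part of the original advisory: it counts driver-core probe failures for rtl* drivers and flags fault lines only when they appear after such a failure, which is narrower than the OR query. The function name, verdict labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage kernel log text on stdin.
# Prints: probe_failures=<n> bug_lines=<n> bug_after_probe_failure=<n> verdict=<v>
triage_rtlwifi_log() {
    awk '
        # Driver-core message for a failed probe of a Realtek (rtl*) driver.
        /rtl[0-9a-z_]*: probe of .* failed with error/ { fails++; next }
        # Oops / BUG: lines, including KASAN use-after-free reports.
        /BUG:|Oops:|use-after-free/ {
            bugs++
            if (fails > 0) after++     # fault observed after a failed probe
        }
        END {
            verdict = "clean"
            if (fails > 0) verdict = "probe-failures-only"
            if (bugs > 0)  verdict = "fault-only"
            if (after > 0) verdict = "investigate"
            printf "probe_failures=%d bug_lines=%d bug_after_probe_failure=%d verdict=%s\n",
                   fails, bugs, after, verdict
        }'
}

# Constructed sample log (on a live host: dmesg | triage_rtlwifi_log).
SAMPLE_LOG='[   10.000001] rtl8192ce: probe of 0000:03:00.0 failed with error -12
[   42.500000] wlan0: authenticate with 02:00:00:00:00:01
[   95.300010] BUG: unable to handle kernel paging request at ffff888012345678
[   95.300020] Oops: 0002 [#1] SMP'

printf '%s\n' "$SAMPLE_LOG" | triage_rtlwifi_log
```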
🔗 References
- https://git.kernel.org/stable/c/006e803af7408c3fc815b0654fc5ab43d34f0154
- https://git.kernel.org/stable/c/1b9cbd8a9ae68b32099fbb03b2d5ffa0c5e0dcc9
- https://git.kernel.org/stable/c/1e39b0486cdb496cdfba3bc89886150e46acf6f4
- https://git.kernel.org/stable/c/2fdac64c3c35858aa8ac5caa70b232e03456e120
- https://git.kernel.org/stable/c/465d01ef6962b82b1f0ad1f3e58b398dbd35c1c1
- https://git.kernel.org/stable/c/543e3e9f2e9e47ded774c74e680f28a0ca362aee
- https://git.kernel.org/stable/c/8e2fcc68fbaab3ad9f5671fee2be0956134b740a
- https://git.kernel.org/stable/c/f801e754efa21bd61b3cc15ec7565696165b272f
- https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html