In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high \'sd_sgentry_align\' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1. Given the default [rt]xglom_size=32 it\'s actually 35 which is too small. Worst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB is added for each original SKB if tailroom isn\'t enough to hold tail_pad. At least one sg entry is needed for each SKB. So, eventually the skb_queue_walk loop in brcmf_sdiod_sglist_rw may run out of sg entries. This makes sg_next return NULL and this causes the oops. The patch sets nents to max(rxglom_size, txglom_size) * 2 to be able handle the worst-case. Btw. this requires only 64-35=29 * 16 (or 20 if CONFIG_NEED_SG_DMA_LENGTH) = 464 additional bytes of memory.
Find out more about CVE-2024-56593 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Product Name | Status | Defect | Fixed | Downloads |
---|---|---|---|---|
Linux | ||||
Wind River Linux LTS 17 | Requires LTSS | -- | -- | -- |
Wind River Linux 8 | Requires LTSS | -- | -- | -- |
Wind River Linux 9 | Requires LTSS | -- | -- | -- |
Wind River Linux 7 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 21 | Vulnerable |
LIN1021-12797 |
-- | -- |
Wind River Linux LTS 22 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 18 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 19 | Requires LTSS | -- | -- | -- |
Wind River Linux CD release | N/A | -- | -- | -- |
Wind River Linux 6 | Requires LTSS | -- | -- | -- |
Wind River Linux LTS 23 | Not Vulnerable | -- | -- | -- |
Wind River Linux LTS 24 | Not Vulnerable | -- | -- | -- |
VxWorks | ||||
VxWorks 7 | Not Vulnerable | -- | -- | -- |
VxWorks 6.9 (End-of-Life) | Not Vulnerable | -- | -- | -- |
Helix Virtualization Platform Cert Edition | ||||
Helix Virtualization Platform Cert Edition | Not Vulnerable | -- | -- | -- |
eLxr | ||||
eLxr 12 | Fixed | -- | 6.1.123-1 | -- |
Wind River Studio Cloud Platform |
Product Name | Status | Defect | Fixed | Downloads |
---|