CVE-2024-38575: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-38575 affects the Linux kernel's brcmfmac PCIe driver. The vulnerability was discovered in June 2024 and involves a potential null pointer dereference in the brcmfpciedownloadfwnvram() function when physical memory is exhausted. This vulnerability affects Linux kernel versions from 6.1.30 up to 6.1.93, 6.3.4 up to 6.6.33, 6.7 up to 6.8.12, and 6.9 up to 6.9.3 (NVD).

The vulnerability occurs in the brcmfmac PCIe driver when kzalloc() returns null due to physical memory exhaustion. When this happens, attempting to use getrandombytes() to generate random bytes in the randbuf results in a null pointer dereference. The issue stems from the original implementation that used dynamic memory allocation for the random buffer. The CVSS v3.1 base score is 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a null pointer dereference in the Linux kernel's brcmfmac PCIe driver, potentially causing system crashes or denial of service when physical memory is exhausted (NVD).

A patch has been developed that adds a separate function using a buffer on the kernel stack to generate random bytes in the randbuf, preventing the allocation failure issue. The fix involves replacing the dynamic memory allocation with a stack-based buffer implementation (Kernel Patch).