Wiz
Vulnerability DatabaseCVE-2024-58015

CVE-2024-58015
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2024-58015 affects the Linux kernel's ath12k WiFi driver. The vulnerability was discovered through a Coverity scan (CIDs 1600742 and 1600758) and was disclosed on February 26, 2025. The issue involves an out-of-bounds access error in the selfgen stats buffer handling within the ath12k driver (NVD, Kernel Commit).

Technical details

The vulnerability occurs in the printarraytobufindex() function where array length parameters passed to the function are too large, potentially causing out-of-bounds memory access. The issue specifically affects the handling of AC and AX MU-MIMO statistics in the ath12k driver's debugfs interface. The fix involves decreasing the buffer size by one to correct the faulty upper bound of the passed array (Kernel Commit).

Impact

The vulnerability could potentially lead to out-of-bounds memory access in the Linux kernel's ath12k WiFi driver, which might result in system instability or potential security implications when accessing debugfs statistics (NVD).

Mitigation and workarounds

A patch has been developed and committed to the Linux kernel that fixes the issue by adjusting the buffer size calculations in the affected functions. Users should update their Linux kernel to a version that includes this fix (Kernel Commit).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo