CVE-2024-27048

Advisory lineage Upstream: 0 Downstream: 13

Downstream

DEBIAN-CVE-2024-27048 RHSA-2024:3618 RHSA-2024:3627 RHSA-2024:9315 RHSA-2025:3935 SUSE-SU-2025:20008-1

Analyzed

Published: 01 May 2024, 12:54

Last modified:11 May 2026, 20:09

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v3.1 (nvd)

EPSS Score

<0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 May 2024, 12:54

Published

Vulnerability first disclosed

11 May 2026, 20:09

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op.

CVSS Metrics

v3.1•MEDIUM•Score: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 1%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

linux•linux
≥ a96202acaea47fa8377088e0952bb63bd02a3bab, < df62e22c2e27420e8990a4f09e30d7bf56c2036f | ≥ a96202acaea47fa8377088e0952bb63bd02a3bab, < 9975908315c13bae2f2ed5ba92870fa935180b0e | ≥ a96202acaea47fa8377088e0952bb63bd02a3bab, < 6138a82f3bccfc67ed7ac059493579fc326c02e5 | ≥ a96202acaea47fa8377088e0952bb63bd02a3bab, < b4152222e04cb8afeeca239c90e3fcaf4c553b42 | 6.4
linux•linux_kernel
≥ 6.4, < 6.6.23 | ≥ 6.7, < 6.7.11 | ≥ 6.8, < 6.8.2