CVE-2024-26583: tls: fix race between async notify and socket close
In the Linux kernel, the following vulnerability has been resolved:
tls: fix race between async notify and socket close
The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.
Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.
Other sources
Linux Kernel is vulnerable to a denial of service, caused by a race condition in the tls subsystem. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
— IBM
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-26583?
CVE-2024-26583 has not been assigned a specific CVSS score, but it is considered a significant vulnerability in the Linux kernel.
How do I fix CVE-2024-26583?
To remediate CVE-2024-26583, update the Linux kernel to version 6.8 or later for Red Hat systems, or apply the latest patches available in your Linux distribution.
What versions of the Linux kernel are affected by CVE-2024-26583?
CVE-2024-26583 affects Linux kernel versions from 5.7.0 up to 6.1.79 and between 6.2.0 and 6.6.18, as well as versions 6.7.0 to 6.7.6.
Is CVE-2024-26583 a local or remote vulnerability?
CVE-2024-26583 is classified as a local vulnerability, as it arises from operations that require local user privileges.
What impact does CVE-2024-26583 have on systems?
The impact of CVE-2024-26583 includes potential data corruption or system crashes if the vulnerable code is executed in the context of an application calling async crypto handlers.