CVE-2024-26583Race Condition in Linux

CWE-362Race ConditionCWE-825Expired Pointer Dereference52 documents8 sources
Severity
4.7MEDIUMNVD
OSV7.8OSV7.5OSV7.0OSV6.5OSV5.5
EPSS
0.0%
top 93.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
LinuxLinux KernelDebian Linux+10 more
Timeline
PublishedFeb 21
Latest updateAug 22

Description

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with re

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages15 packages

NVDlinux/linux_kernel5.7.06.1.79+2
Debianlinux/linux_kernel< 6.1.82-1+2
Ubuntulinux/linux_kernel< 5.4.0-190.210+1

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

25
OSV
linux-raspi-5.4 vulnerabilities2024-08-22
OSV
linux-oracle, linux-oracle-5.4 vulnerabilities2024-08-09
OSV
linux-aws, linux-aws-5.4 vulnerabilities2024-07-30
OSV
linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabili2024-07-29
OSV
linux-raspi vulnerabilities2024-07-26

📋Vendor Advisories

25
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2024-08-22
Ubuntu
Linux kernel (Oracle) vulnerabilities2024-08-09
Ubuntu
Linux kernel vulnerabilities2024-07-30
Ubuntu
Linux kernel vulnerabilities2024-07-29
Ubuntu
Linux kernel vulnerabilities2024-07-26

💬Community

1
Bugzilla
CVE-2024-26583 kernel: tls: race between async notify and socket close2024-02-22