// For flags

CVE-2024-26584

net: tls: handle backlogging of crypto requests

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: tls: handle backlogging of crypto requests

Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.

Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tls: manejar el retraso de solicitudes criptográficas Dado que estamos configurando el indicador CRYPTO_TFM_REQ_MAY_BACKLOG en nuestras solicitudes a la API criptográfica, crypto_aead_{encrypt,decrypt} puede devolver -EBUSY en lugar de - EINPROGRESS en situaciones válidas. Por ejemplo, cuando la cola cryptd para AESNI está llena (fácil de activar con un cryptd.cryptd_max_cpu_qlen artificialmente bajo), las solicitudes se pondrán en cola en el trabajo pendiente, pero aún así se procesarán. En ese caso, la devolución de llamada asíncrona también se llamará dos veces: primero con err == -EINPROGRESS, que parece que podemos ignorar, luego con err == 0. En comparación con el parche original de Sabrina, esta versión usa el nuevo tls_*crypt_async_wait( ) ayuda y convierte EBUSY a EINPROGRESS para evitar tener que modificar todas las rutas de manejo de errores. El manejo es idéntico.

A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on requests to the crypto API, crypto_aead_encrypt and crypto_aead_decrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a denial of service condition.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-02-21 CVE Published
  • 2024-05-01 EPSS Updated
  • 2024-12-19 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-393: Return of Wrong Status Code
  • CWE-755: Improper Handling of Exceptional Conditions
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 5.15.160
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 5.15.160"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.1.84
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.1.84"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.6.18
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.6.18"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.7.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.7.6"
en
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 4.16 < 6.8
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.16 < 6.8"
en
Affected