CVE-2024-26585
tls: fix race between tx work scheduling and socket close
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete().
Reorder scheduling the work before calling complete().
This seems more logical in the first place, as it's
the inverse order of what the submitting thread will do.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tls: corrige la ejecución entre la programación de trabajo de transmisión y el cierre del socket De manera similar a el commit anterior, el hilo de envío (recvmsg/sendmsg) puede cerrarse tan pronto como el controlador de cifrado asíncrono llame a complete(). Reordene la programación del trabajo antes de llamar a complete(). En primer lugar, esto parece más lógico, ya que es el orden inverso de lo que hará el hilo de envío.
A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(), which could lead to undefined behavior and a denial of service.
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-02-21 CVE Published
- 2024-03-15 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/a42055e8d2c30d4decfc13ce943d09c7b9dad221 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-26585 | 2024-08-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2265517 | 2024-08-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.15.165" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.1.84" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 6.6.18 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.6.18" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 6.7.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.7.6" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.20 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 6.8" | en |
Affected
| ||||||