CVE-2024-26582
Description
In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-2394.html
Vendor advisory: alma — https://bugzilla.redhat.com/2270883
Vendor advisory: alma — https://bugzilla.redhat.com/2270118
Vendor advisory: alma — https://bugzilla.redhat.com/2270080
Vendor advisory: alma — https://bugzilla.redhat.com/2269217
Vendor advisory: alma — https://bugzilla.redhat.com/2269189
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267788
Vendor advisory: alma — https://bugzilla.redhat.com/2267761
Vendor advisory: alma — https://bugzilla.redhat.com/2267760
Vendor advisory: alma — https://bugzilla.redhat.com/2267758
Vendor advisory: alma — https://bugzilla.redhat.com/2267750
Vendor advisory: alma — https://bugzilla.redhat.com/2267695
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2265653
Vendor advisory: alma — https://bugzilla.redhat.com/2265646
Vendor advisory: alma — https://bugzilla.redhat.com/2265645
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265518
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2265285
Vendor advisory: alma — https://bugzilla.redhat.com/2262127
Vendor advisory: alma — https://bugzilla.redhat.com/2262126
Vendor advisory: alma — https://bugzilla.redhat.com/2260005
Vendor advisory: alma — https://bugzilla.redhat.com/2258518
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2257682
Vendor advisory: alma — https://bugzilla.redhat.com/2256822
Vendor advisory: alma — https://bugzilla.redhat.com/2256490
Vendor advisory: alma — https://bugzilla.redhat.com/2255498
Vendor advisory: alma — https://bugzilla.redhat.com/2255283
Vendor advisory: alma — https://bugzilla.redhat.com/2254982
Vendor advisory: alma — https://bugzilla.redhat.com/2254961
Vendor advisory: alma — https://bugzilla.redhat.com/2253632
Vendor advisory: alma — https://bugzilla.redhat.com/2253034
Vendor advisory: alma — https://bugzilla.redhat.com/2252731
Vendor advisory: alma — https://bugzilla.redhat.com/2250043
Vendor advisory: alma — https://bugzilla.redhat.com/2246980
Vendor advisory: alma — https://bugzilla.redhat.com/2244720
Vendor advisory: alma — https://bugzilla.redhat.com/2239848
Vendor advisory: alma — https://bugzilla.redhat.com/2239845
Vendor advisory: alma — https://bugzilla.redhat.com/2231410
Vendor advisory: alma — https://bugzilla.redhat.com/2226788
Vendor advisory: alma — https://bugzilla.redhat.com/2226787
Vendor advisory: alma — https://bugzilla.redhat.com/2226777
Vendor advisory: alma — https://bugzilla.redhat.com/2221702
Vendor advisory: alma — https://bugzilla.redhat.com/2221463
Vendor advisory: alma — https://bugzilla.redhat.com/2221039
Vendor advisory: alma — https://bugzilla.redhat.com/2219359
Vendor advisory: alma — https://bugzilla.redhat.com/2218332
Vendor advisory: alma — https://bugzilla.redhat.com/2213132
Vendor advisory: alma — https://bugzilla.redhat.com/2210024
Vendor advisory: alma — https://bugzilla.redhat.com/2188102
Vendor advisory: alma — https://bugzilla.redhat.com/2185519
Vendor advisory: alma — https://bugzilla.redhat.com/2177759
Vendor advisory: alma — https://bugzilla.redhat.com/2151959
Vendor advisory: alma — https://bugzilla.redhat.com/2133452
Vendor advisory: alma — https://bugzilla.redhat.com/2049700
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-26582
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-26582.html
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2394
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 6.1.82-1 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.7.7-1 |
| debian | sid | fixed | 6.7.7-1 |
| debian | trixie | fixed | 6.7.7-1 |
| almalinux | 9 | fixed | kernel-doc-5.14.0-427.13.1.el9_4.noarch.rpm |
References
- https://access.redhat.com/errata/RHSA-2024:2394
- https://www.suse.com/security/cve/CVE-2024-26582.html
- https://security-tracker.debian.org/tracker/CVE-2024-26582
- https://bugzilla.redhat.com/1918601
- https://bugzilla.redhat.com/2049700
- https://bugzilla.redhat.com/2133452
- https://bugzilla.redhat.com/2151959
- https://bugzilla.redhat.com/2177759
- https://bugzilla.redhat.com/2185519
- https://bugzilla.redhat.com/2188102
- https://bugzilla.redhat.com/2210024
- https://bugzilla.redhat.com/2213132
- https://bugzilla.redhat.com/2218332
- https://bugzilla.redhat.com/2219359
- https://bugzilla.redhat.com/2221039
- https://bugzilla.redhat.com/2221463
- https://bugzilla.redhat.com/2221702
- https://bugzilla.redhat.com/2226777
- https://bugzilla.redhat.com/2226787
- https://bugzilla.redhat.com/2226788
- https://bugzilla.redhat.com/2231410
- https://bugzilla.redhat.com/2239845
- https://bugzilla.redhat.com/2239848
- https://bugzilla.redhat.com/2244720
- https://bugzilla.redhat.com/2246980
Verify integrity in audit chain (admin only). AS-IS.