CVE-2024-26583
Description
In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between async notify and socket close

The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.

Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.

Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-2394.html
Vendor advisory: alma — https://bugzilla.redhat.com/2270883
Vendor advisory: alma — https://bugzilla.redhat.com/2270118
Vendor advisory: alma — https://bugzilla.redhat.com/2270080
Vendor advisory: alma — https://bugzilla.redhat.com/2269217
Vendor advisory: alma — https://bugzilla.redhat.com/2269189
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267788
Vendor advisory: alma — https://bugzilla.redhat.com/2267761
Vendor advisory: alma — https://bugzilla.redhat.com/2267760
Vendor advisory: alma — https://bugzilla.redhat.com/2267758
Vendor advisory: alma — https://bugzilla.redhat.com/2267750
Vendor advisory: alma — https://bugzilla.redhat.com/2267695
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2265653
Vendor advisory: alma — https://bugzilla.redhat.com/2265646
Vendor advisory: alma — https://bugzilla.redhat.com/2265645
Vendor advisory: alma — https://bugzilla.redhat.com/2265518
Vendor advisory: alma — https://bugzilla.redhat.com/2265285
Vendor advisory: alma — https://bugzilla.redhat.com/2262127
Vendor advisory: alma — https://bugzilla.redhat.com/2262126
Vendor advisory: alma — https://bugzilla.redhat.com/2260005
Vendor advisory: alma — https://bugzilla.redhat.com/2258518
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2257682
Vendor advisory: alma — https://bugzilla.redhat.com/2256822
Vendor advisory: alma — https://bugzilla.redhat.com/2256490
Vendor advisory: alma — https://bugzilla.redhat.com/2255498
Vendor advisory: alma — https://bugzilla.redhat.com/2255283
Vendor advisory: alma — https://bugzilla.redhat.com/2254982
Vendor advisory: alma — https://bugzilla.redhat.com/2254961
Vendor advisory: alma — https://bugzilla.redhat.com/2253632
Vendor advisory: alma — https://bugzilla.redhat.com/2253034
Vendor advisory: alma — https://bugzilla.redhat.com/2252731
Vendor advisory: alma — https://bugzilla.redhat.com/2250043
Vendor advisory: alma — https://bugzilla.redhat.com/2246980
Vendor advisory: alma — https://bugzilla.redhat.com/2244720
Vendor advisory: alma — https://bugzilla.redhat.com/2239848
Vendor advisory: alma — https://bugzilla.redhat.com/2239845
Vendor advisory: alma — https://bugzilla.redhat.com/2231410
Vendor advisory: alma — https://bugzilla.redhat.com/2226788
Vendor advisory: alma — https://bugzilla.redhat.com/2226787
Vendor advisory: alma — https://bugzilla.redhat.com/2226777
Vendor advisory: alma — https://bugzilla.redhat.com/2221702
Vendor advisory: alma — https://bugzilla.redhat.com/2221463
Vendor advisory: alma — https://bugzilla.redhat.com/2221039
Vendor advisory: alma — https://bugzilla.redhat.com/2219359
Vendor advisory: alma — https://bugzilla.redhat.com/2218332
Vendor advisory: alma — https://bugzilla.redhat.com/2213132
Vendor advisory: alma — https://bugzilla.redhat.com/2210024
Vendor advisory: alma — https://bugzilla.redhat.com/2188102
Vendor advisory: alma — https://bugzilla.redhat.com/2185519
Vendor advisory: alma — https://bugzilla.redhat.com/2177759
Vendor advisory: alma — https://bugzilla.redhat.com/2151959
Vendor advisory: alma — https://bugzilla.redhat.com/2133452
Vendor advisory: alma — https://bugzilla.redhat.com/2049700
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4352.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4352
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4211.html
Vendor advisory: alma — https://bugzilla.redhat.com/2282920
Vendor advisory: alma — https://bugzilla.redhat.com/2282902
Vendor advisory: alma — https://bugzilla.redhat.com/2282735
Vendor advisory: alma — https://bugzilla.redhat.com/2282712
Vendor advisory: alma — https://bugzilla.redhat.com/2282698
Vendor advisory: alma — https://bugzilla.redhat.com/2282680
Vendor advisory: alma — https://bugzilla.redhat.com/2282653
Vendor advisory: alma — https://bugzilla.redhat.com/2282612
Vendor advisory: alma — https://bugzilla.redhat.com/2282609
Vendor advisory: alma — https://bugzilla.redhat.com/2282581
Vendor advisory: alma — https://bugzilla.redhat.com/2282472
Vendor advisory: alma — https://bugzilla.redhat.com/2282471
Vendor advisory: alma — https://bugzilla.redhat.com/2282400
Vendor advisory: alma — https://bugzilla.redhat.com/2282394
Vendor advisory: alma — https://bugzilla.redhat.com/2281986
Vendor advisory: alma — https://bugzilla.redhat.com/2281953
Vendor advisory: alma — https://bugzilla.redhat.com/2281925
Vendor advisory: alma — https://bugzilla.redhat.com/2281923
Vendor advisory: alma — https://bugzilla.redhat.com/2281920
Vendor advisory: alma — https://bugzilla.redhat.com/2281693
Vendor advisory: alma — https://bugzilla.redhat.com/2281689
Vendor advisory: alma — https://bugzilla.redhat.com/2281350
Vendor advisory: alma — https://bugzilla.redhat.com/2281346
Vendor advisory: alma — https://bugzilla.redhat.com/2281334
Vendor advisory: alma — https://bugzilla.redhat.com/2281311
Vendor advisory: alma — https://bugzilla.redhat.com/2281272
Vendor advisory: alma — https://bugzilla.redhat.com/2281257
Vendor advisory: alma — https://bugzilla.redhat.com/2281255
Vendor advisory: alma — https://bugzilla.redhat.com/2281253
Vendor advisory: alma — https://bugzilla.redhat.com/2281251
Vendor advisory: alma — https://bugzilla.redhat.com/2281165
Vendor advisory: alma — https://bugzilla.redhat.com/2281157
Vendor advisory: alma — https://bugzilla.redhat.com/2281113
Vendor advisory: alma — https://bugzilla.redhat.com/2281057
Vendor advisory: alma — https://bugzilla.redhat.com/2280434
Vendor advisory: alma — https://bugzilla.redhat.com/2278354
Vendor advisory: alma — https://bugzilla.redhat.com/2278337
Vendor advisory: alma — https://bugzilla.redhat.com/2275733
Vendor advisory: alma — https://bugzilla.redhat.com/2275635
Vendor advisory: alma — https://bugzilla.redhat.com/2275633
Vendor advisory: alma — https://bugzilla.redhat.com/2275604
Vendor advisory: alma — https://bugzilla.redhat.com/2273429
Vendor advisory: alma — https://bugzilla.redhat.com/2273423
Vendor advisory: alma — https://bugzilla.redhat.com/2273278
Vendor advisory: alma — https://bugzilla.redhat.com/2273204
Vendor advisory: alma — https://bugzilla.redhat.com/2272829
Vendor advisory: alma — https://bugzilla.redhat.com/2272692
Vendor advisory: alma — https://bugzilla.redhat.com/2271680
Vendor advisory: alma — https://bugzilla.redhat.com/2270093
Vendor advisory: alma — https://bugzilla.redhat.com/2267730
Vendor advisory: alma — https://bugzilla.redhat.com/2267518
Vendor advisory: alma — https://bugzilla.redhat.com/2267513
Vendor advisory: alma — https://bugzilla.redhat.com/2266831
Vendor advisory: alma — https://bugzilla.redhat.com/2266408
Vendor advisory: alma — https://bugzilla.redhat.com/2265800
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2258875
Vendor advisory: alma — https://bugzilla.redhat.com/2248122
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4211
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-26583
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-26583.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4211
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4352
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:4211
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2394
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 6.1.82-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.7.7-1 |
| debian | sid | fixed | 6.7.7-1 |
| debian | trixie | fixed | 6.7.7-1 |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm |
| almalinux | 9 | fixed | kernel-doc-5.14.0-427.13.1.el9_4.noarch.rpm |