CVE-2024-26584
Description
In the Linux kernel, the following vulnerability has been resolved:

net: tls: handle backlogging of crypto requests

Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0.

Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2024-2394.html
Vendor advisory: alma — https://bugzilla.redhat.com/2270883
Vendor advisory: alma — https://bugzilla.redhat.com/2270118
Vendor advisory: alma — https://bugzilla.redhat.com/2270080
Vendor advisory: alma — https://bugzilla.redhat.com/2269217
Vendor advisory: alma — https://bugzilla.redhat.com/2269189
Vendor advisory: alma — https://bugzilla.redhat.com/2267795
Vendor advisory: alma — https://bugzilla.redhat.com/2267788
Vendor advisory: alma — https://bugzilla.redhat.com/2267761
Vendor advisory: alma — https://bugzilla.redhat.com/2267760
Vendor advisory: alma — https://bugzilla.redhat.com/2267758
Vendor advisory: alma — https://bugzilla.redhat.com/2267750
Vendor advisory: alma — https://bugzilla.redhat.com/2267695
Vendor advisory: alma — https://bugzilla.redhat.com/2267041
Vendor advisory: alma — https://bugzilla.redhat.com/2265653
Vendor advisory: alma — https://bugzilla.redhat.com/2265646
Vendor advisory: alma — https://bugzilla.redhat.com/2265645
Vendor advisory: alma — https://bugzilla.redhat.com/2265518
Vendor advisory: alma — https://bugzilla.redhat.com/2265285
Vendor advisory: alma — https://bugzilla.redhat.com/2262127
Vendor advisory: alma — https://bugzilla.redhat.com/2262126
Vendor advisory: alma — https://bugzilla.redhat.com/2260005
Vendor advisory: alma — https://bugzilla.redhat.com/2258518
Vendor advisory: alma — https://bugzilla.redhat.com/2258013
Vendor advisory: alma — https://bugzilla.redhat.com/2257682
Vendor advisory: alma — https://bugzilla.redhat.com/2256822
Vendor advisory: alma — https://bugzilla.redhat.com/2256490
Vendor advisory: alma — https://bugzilla.redhat.com/2255498
Vendor advisory: alma — https://bugzilla.redhat.com/2255283
Vendor advisory: alma — https://bugzilla.redhat.com/2254982
Vendor advisory: alma — https://bugzilla.redhat.com/2254961
Vendor advisory: alma — https://bugzilla.redhat.com/2253632
Vendor advisory: alma — https://bugzilla.redhat.com/2253034
Vendor advisory: alma — https://bugzilla.redhat.com/2252731
Vendor advisory: alma — https://bugzilla.redhat.com/2250043
Vendor advisory: alma — https://bugzilla.redhat.com/2246980
Vendor advisory: alma — https://bugzilla.redhat.com/2244720
Vendor advisory: alma — https://bugzilla.redhat.com/2239848
Vendor advisory: alma — https://bugzilla.redhat.com/2239845
Vendor advisory: alma — https://bugzilla.redhat.com/2231410
Vendor advisory: alma — https://bugzilla.redhat.com/2226788
Vendor advisory: alma — https://bugzilla.redhat.com/2226787
Vendor advisory: alma — https://bugzilla.redhat.com/2226777
Vendor advisory: alma — https://bugzilla.redhat.com/2221702
Vendor advisory: alma — https://bugzilla.redhat.com/2221463
Vendor advisory: alma — https://bugzilla.redhat.com/2221039
Vendor advisory: alma — https://bugzilla.redhat.com/2219359
Vendor advisory: alma — https://bugzilla.redhat.com/2218332
Vendor advisory: alma — https://bugzilla.redhat.com/2213132
Vendor advisory: alma — https://bugzilla.redhat.com/2210024
Vendor advisory: alma — https://bugzilla.redhat.com/2188102
Vendor advisory: alma — https://bugzilla.redhat.com/2185519
Vendor advisory: alma — https://bugzilla.redhat.com/2177759
Vendor advisory: alma — https://bugzilla.redhat.com/2151959
Vendor advisory: alma — https://bugzilla.redhat.com/2133452
Vendor advisory: alma — https://bugzilla.redhat.com/2049700
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4352.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4352
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2024-4211.html
Vendor advisory: alma — https://bugzilla.redhat.com/2282920
Vendor advisory: alma — https://bugzilla.redhat.com/2282902
Vendor advisory: alma — https://bugzilla.redhat.com/2282735
Vendor advisory: alma — https://bugzilla.redhat.com/2282712
Vendor advisory: alma — https://bugzilla.redhat.com/2282698
Vendor advisory: alma — https://bugzilla.redhat.com/2282680
Vendor advisory: alma — https://bugzilla.redhat.com/2282653
Vendor advisory: alma — https://bugzilla.redhat.com/2282612
Vendor advisory: alma — https://bugzilla.redhat.com/2282609
Vendor advisory: alma — https://bugzilla.redhat.com/2282581
Vendor advisory: alma — https://bugzilla.redhat.com/2282472
Vendor advisory: alma — https://bugzilla.redhat.com/2282471
Vendor advisory: alma — https://bugzilla.redhat.com/2282400
Vendor advisory: alma — https://bugzilla.redhat.com/2282394
Vendor advisory: alma — https://bugzilla.redhat.com/2281986
Vendor advisory: alma — https://bugzilla.redhat.com/2281953
Vendor advisory: alma — https://bugzilla.redhat.com/2281925
Vendor advisory: alma — https://bugzilla.redhat.com/2281923
Vendor advisory: alma — https://bugzilla.redhat.com/2281920
Vendor advisory: alma — https://bugzilla.redhat.com/2281693
Vendor advisory: alma — https://bugzilla.redhat.com/2281689
Vendor advisory: alma — https://bugzilla.redhat.com/2281350
Vendor advisory: alma — https://bugzilla.redhat.com/2281346
Vendor advisory: alma — https://bugzilla.redhat.com/2281334
Vendor advisory: alma — https://bugzilla.redhat.com/2281311
Vendor advisory: alma — https://bugzilla.redhat.com/2281272
Vendor advisory: alma — https://bugzilla.redhat.com/2281257
Vendor advisory: alma — https://bugzilla.redhat.com/2281255
Vendor advisory: alma — https://bugzilla.redhat.com/2281253
Vendor advisory: alma — https://bugzilla.redhat.com/2281251
Vendor advisory: alma — https://bugzilla.redhat.com/2281165
Vendor advisory: alma — https://bugzilla.redhat.com/2281157
Vendor advisory: alma — https://bugzilla.redhat.com/2281113
Vendor advisory: alma — https://bugzilla.redhat.com/2281057
Vendor advisory: alma — https://bugzilla.redhat.com/2280434
Vendor advisory: alma — https://bugzilla.redhat.com/2278354
Vendor advisory: alma — https://bugzilla.redhat.com/2278337
Vendor advisory: alma — https://bugzilla.redhat.com/2275733
Vendor advisory: alma — https://bugzilla.redhat.com/2275635
Vendor advisory: alma — https://bugzilla.redhat.com/2275633
Vendor advisory: alma — https://bugzilla.redhat.com/2275604
Vendor advisory: alma — https://bugzilla.redhat.com/2273429
Vendor advisory: alma — https://bugzilla.redhat.com/2273423
Vendor advisory: alma — https://bugzilla.redhat.com/2273278
Vendor advisory: alma — https://bugzilla.redhat.com/2273204
Vendor advisory: alma — https://bugzilla.redhat.com/2272829
Vendor advisory: alma — https://bugzilla.redhat.com/2272692
Vendor advisory: alma — https://bugzilla.redhat.com/2271680
Vendor advisory: alma — https://bugzilla.redhat.com/2270093
Vendor advisory: alma — https://bugzilla.redhat.com/2267730
Vendor advisory: alma — https://bugzilla.redhat.com/2267518
Vendor advisory: alma — https://bugzilla.redhat.com/2267513
Vendor advisory: alma — https://bugzilla.redhat.com/2266831
Vendor advisory: alma — https://bugzilla.redhat.com/2266408
Vendor advisory: alma — https://bugzilla.redhat.com/2265800
Vendor advisory: alma — https://bugzilla.redhat.com/2265520
Vendor advisory: alma — https://bugzilla.redhat.com/2265519
Vendor advisory: alma — https://bugzilla.redhat.com/2265517
Vendor advisory: alma — https://bugzilla.redhat.com/2258875
Vendor advisory: alma — https://bugzilla.redhat.com/2248122
Vendor advisory: alma — https://bugzilla.redhat.com/1918601
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2024:4211
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2024-26584
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2024-26584.html
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4211
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2024:4352
Vendor advisory: rocky — https://errata.rockylinux.org/RXSA-2024:4211
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2024:2394
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| sles | | affected | |
| debian | bookworm | fixed | 6.1.85-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.7.7-1 |
| debian | sid | fixed | 6.7.7-1 |
| debian | trixie | fixed | 6.7.7-1 |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.8.1.el8_10.noarch.rpm |
| almalinux | 9 | fixed | kernel-doc-5.14.0-427.13.1.el9_4.noarch.rpm |