CVE-2024-26582

HIGH

Linux Kernel 6.0-6.1.78, 6.2-6.6.17, 6.7-6.7.5 - Use-After-Free in TLS Partial Read Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.

References (5)

Core 5

Core References

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/

Patch

https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96

Patch

https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5

Patch

https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df

Patch

https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f

Scores

CVSS v3 7.8

EPSS 0.0026

EPSS Percentile 16.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-416

Status published

Products (14)

linux/Kernel 6.0.0 - 6.1.79linux

linux/Kernel 6.2.0 - 6.6.18linux

linux/Kernel 6.7.0 - 6.7.6linux

Linux/Linux < 6.0

Linux/Linux 6.0

Linux/Linux 6.1.79 - 6.1.*

Linux/Linux 6.6.18 - 6.6.*

Linux/Linux 6.7.6 - 6.7.*

Linux/Linux 6.8

Linux/Linux fd31f3996af2627106e22a9f8072764fede51161 - 20b4ed034872b4d024b26e2bc1092c3f80e5db96

... and 4 more

Published Feb 21, 2024

Tracked Since Feb 18, 2026