CVE-2024-35908

MEDIUM

Linux Kernel 6.0-6.1.84, 6.2-6.6.25, 6.7-6.8.4 - Use-After-Free in TLS Socket Receive

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8

Patch

https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096

Patch

https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3

Patch

https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 11.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (15)

linux/Kernel 6.0.0 - 6.1.85linux

linux/Kernel 6.2.0 - 6.6.26linux

linux/Kernel 6.7.0 - 6.8.5linux

Linux/Linux < 6.0

Linux/Linux 4cbc325ed6b4dce4910be06d9d6940a8b919c59b - 30fabe50a7ace3e9d57cf7f9288f33ea408491c8

Linux/Linux 4cbc325ed6b4dce4910be06d9d6940a8b919c59b - 417e91e856099e9b8a42a2520e2255e6afe024be

Linux/Linux 4cbc325ed6b4dce4910be06d9d6940a8b919c59b - b565d294e3d5aa809566a4d819835da11997d8b3

Linux/Linux 4cbc325ed6b4dce4910be06d9d6940a8b919c59b - f1b7f14130d782433bc98c1e1e41ce6b4d4c3096

Linux/Linux 6.0

Linux/Linux 6.1.85 - 6.1.*

... and 5 more

Published May 19, 2024

Tracked Since Feb 18, 2026