{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26583", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.125Z", "datePublished": "2024-02-21T14:59:11.845Z", "dateUpdated": "2024-08-02T00:07:19.779Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:19:01.100Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/tls.h", "net/tls/tls_sw.c"], "versions": [{"version": "0cada33241d9", "lessThan": "f17d21ea7391", "status": "affected", "versionType": "git"}, {"version": "0cada33241d9", "lessThan": "7a3ca06d04d5", "status": "affected", "versionType": "git"}, {"version": "0cada33241d9", "lessThan": "86dc27ee36f5", "status": "affected", "versionType": "git"}, {"version": "0cada33241d9", "lessThan": "6209319b2efd", "status": "affected", "versionType": "git"}, {"version": "0cada33241d9", "lessThan": "aec7961916f3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["include/net/tls.h", "net/tls/tls_sw.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.160", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.79", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"}, {"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"}, {"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"}, {"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"}, {"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"}], "title": "tls: fix race between async notify and socket close", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:41:40.480459Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:01.043Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.779Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26583", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:41:40.480459Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.581Z"}}], "cna": {"title": "tls: fix race between async notify and socket close", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "0cada33241d9", "lessThan": "f17d21ea7391", "versionType": "git"}, {"status": "affected", "version": "0cada33241d9", "lessThan": "7a3ca06d04d5", "versionType": "git"}, {"status": "affected", "version": "0cada33241d9", "lessThan": "86dc27ee36f5", "versionType": "git"}, {"status": "affected", "version": "0cada33241d9", "lessThan": "6209319b2efd", "versionType": "git"}, {"status": "affected", "version": "0cada33241d9", "lessThan": "aec7961916f3", "versionType": "git"}], "programFiles": ["include/net/tls.h", "net/tls/tls_sw.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.160", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.79", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.18", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["include/net/tls.h", "net/tls/tls_sw.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"}, {"url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"}, {"url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"}, {"url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"}, {"url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:19:01.100Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26583", "state": "PUBLISHED", "dateUpdated": "2024-07-05T17:21:01.043Z", "dateReserved": "2024-02-19T14:20:24.125Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-21T14:59:11.845Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "37AE2B04-CF69-412C-89AE-605725C54364", "versionEndExcluding": "6.1.79", "versionStartIncluding": "5.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5CC150E-F35C-4CF7-ADF5-422D32C511C2", "versionEndExcluding": "6.6.18", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C8D1FAD-4D5D-4A25-B058-2AD15082710E", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tls: corrige la ejecuci\u00f3n entre la notificaci\u00f3n as\u00edncrona y el cierre del socket. El hilo de env\u00edo (uno que llam\u00f3 recvmsg/sendmsg) puede salir tan pronto como el controlador criptogr\u00e1fico as\u00edncrono llame a complete(), por lo que cualquier c\u00f3digo pasado ese punto corre el riesgo de tocar datos ya liberados. Intente evitar por completo el bloqueo y las banderas adicionales. Haga que el hilo principal contenga una referencia adicional, de esta manera podemos depender \u00fanicamente del contador de referencia at\u00f3mica para la sincronizaci\u00f3n. Tampoco te preocupes por reiniciar la finalizaci\u00f3n, ahora estamos controlando estrictamente cu\u00e1ndo se activa la finalizaci\u00f3n."}], "id": "CVE-2024-26583", "lastModified": "2024-05-25T15:15:08.700", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T15:15:09.373", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f17d21ea73918ace8afb9c2d8e734dbf71c2c9d7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4352", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4211", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.8.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:5255", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.67.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:4533", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.73.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4554", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}], "bugzilla": {"description": "kernel: tls: race between async notify and socket close", "id": "2265520", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265520"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-362->CWE-416", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntls: fix race between async notify and socket close\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires.", "A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete(); any code past that point risks touching already freed data. This could lead to a use-after-free issue and a denial of service condition."], "mitigation": {"lang": "en:us", "value": "No current mitigation is available for this vulnerability. Please make sure to have kernel up-to-date as soon as the patches are available to make sure the flaw mitigated."}, "name": "CVE-2024-26583", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26583\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26583\nhttps://lore.kernel.org/linux-cve-announce/2024022146-traction-unjustly-f451@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 6 and 7 are not affected by this CVE as they did not include kernel TLS support (upstream commit 3c4d755).", "threat_severity": "Moderate", "upstream_fix": "kernel 6.8-rc5"}