{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26585", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.125Z", "datePublished": "2024-02-21T14:59:13.088Z", "dateUpdated": "2024-08-19T04:29:06.249Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-19T04:29:06.249Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it's\nthe inverse order of what the submitting thread will do."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tls/tls_sw.c"], "versions": [{"version": "a42055e8d2c3", "lessThan": "dd32621f1924", "status": "affected", "versionType": "git"}, {"version": "a42055e8d2c3", "lessThan": "196f198ca6fc", "status": "affected", "versionType": "git"}, {"version": "a42055e8d2c3", "lessThan": "6db22d6c7a6d", "status": "affected", "versionType": "git"}, {"version": "a42055e8d2c3", "lessThan": "e327ed60bff4", "status": "affected", "versionType": "git"}, {"version": "a42055e8d2c3", "lessThan": "e01e3934a1b2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/tls/tls_sw.c"], "versions": [{"version": "4.20", "status": "affected"}, {"version": "0", "lessThan": "4.20", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.1.84", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.6.18", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.7.6", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "custom"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33"}, {"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"}, {"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"}, {"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"}, {"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"}], "title": "tls: fix race between tx work scheduling and socket close", "x_generator": {"engine": "bippy-c9c4e1df01b2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-28T17:07:29.305466Z", "id": "CVE-2024-26585", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T17:07:36.266Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.712Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.712Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26585", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-28T17:07:29.305466Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-28T17:07:33.584Z"}}], "cna": {"title": "tls: fix race between tx work scheduling and socket close", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "a42055e8d2c3", "lessThan": "dd32621f1924", "versionType": "git"}, {"status": "affected", "version": "a42055e8d2c3", "lessThan": "196f198ca6fc", "versionType": "git"}, {"status": "affected", "version": "a42055e8d2c3", "lessThan": "6db22d6c7a6d", "versionType": "git"}, {"status": "affected", "version": "a42055e8d2c3", "lessThan": "e327ed60bff4", "versionType": "git"}, {"status": "affected", "version": "a42055e8d2c3", "lessThan": "e01e3934a1b2", "versionType": "git"}], "programFiles": ["net/tls/tls_sw.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.20"}, {"status": "unaffected", "version": "0", "lessThan": "4.20", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.165", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.84", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.18", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.6", "versionType": "custom", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/tls/tls_sw.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33"}, {"url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"}, {"url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"}, {"url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"}, {"url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it's\nthe inverse order of what the submitting thread will do."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-08-19T04:29:06.249Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26585", "state": "PUBLISHED", "dateUpdated": "2024-08-19T04:29:06.249Z", "dateReserved": "2024-02-19T14:20:24.125Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-21T14:59:13.088Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EC1F1D5-8364-4C12-AB58-595F84A06381", "versionEndExcluding": "6.6.18", "versionStartIncluding": "4.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C8D1FAD-4D5D-4A25-B058-2AD15082710E", "versionEndExcluding": "6.7.6", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between tx work scheduling and socket close\n\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it's\nthe inverse order of what the submitting thread will do."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tls: corrige la ejecuci\u00f3n entre la programaci\u00f3n de trabajo de transmisi\u00f3n y el cierre del socket De manera similar a el commit anterior, el hilo de env\u00edo (recvmsg/sendmsg) puede cerrarse tan pronto como el controlador de cifrado as\u00edncrono llame a complete(). Reordene la programaci\u00f3n del trabajo antes de llamar a complete(). En primer lugar, esto parece m\u00e1s l\u00f3gico, ya que es el orden inverso de lo que har\u00e1 el hilo de env\u00edo."}], "id": "CVE-2024-26585", "lastModified": "2024-08-19T05:15:06.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-21T15:15:09.467", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4352", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4211", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.8.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:4447", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.111.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-07-10T00:00:00Z"}, {"advisory": "RHSA-2024:5255", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.67.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:2394", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.13.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-04-30T00:00:00Z"}, {"advisory": "RHSA-2024:4533", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.73.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}, {"advisory": "RHSA-2024:4554", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.73.1.rt14.358.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-07-15T00:00:00Z"}], "bugzilla": {"description": "kernel: tls: race between tx work scheduling and socket close", "id": "2265517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265517"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-362", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntls: fix race between tx work scheduling and socket close\nSimilarly to previous commit, the submitting thread (recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete().\nReorder scheduling the work before calling complete().\nThis seems more logical in the first place, as it's\nthe inverse order of what the submitting thread will do.", "A race condition vulnerability was found in the tls subsystem of the Linux kernel. The submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(), which could lead to undefined behavior and a denial of service."], "mitigation": {"lang": "en:us", "value": "No current mitigation is available for this vulnerability. Please make sure to have kernel up-to-date as soon as the patches are available to make sure the flaw mitigated."}, "name": "CVE-2024-26585", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26585\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26585\nhttps://lore.kernel.org/linux-cve-announce/2024022150-fancy-numerate-94ab@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 6 and 7 are not affected by this CVE as they did not include kernel TLS support (upstream commit 3c4d755).", "threat_severity": "Moderate", "upstream_fix": "kernel 6.8-rc5"}