In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.
History

Tue, 13 Aug 2024 23:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:rhel_eus:8.8

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-21T14:59:11.845Z

Updated: 2024-12-19T08:42:56.872Z

Reserved: 2024-02-19T14:20:24.125Z

Link: CVE-2024-26583

cve-icon Vulnrichment

Updated: 2024-08-02T00:07:19.779Z

cve-icon NVD

Status : Modified

Published: 2024-02-21T15:15:09.373

Modified: 2024-11-21T09:02:35.347

Link: CVE-2024-26583

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-02-21T00:00:00Z

Links: CVE-2024-26583 - Bugzilla