In the Linux kernel, the following vulnerability has been resolved:
net: tls: handle backlogging of crypto requests
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.
Metrics
Affected Vendors & Products
References
History
Tue, 13 Aug 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/o:redhat:rhel_eus:8.8 |
MITRE
Status: PUBLISHED
Assigner: Linux
Published: 2024-02-21T14:59:12.452Z
Updated: 2024-12-19T08:42:58.168Z
Reserved: 2024-02-19T14:20:24.125Z
Link: CVE-2024-26584
Vulnrichment
Updated: 2024-08-02T00:07:19.862Z
NVD
Status : Modified
Published: 2024-02-21T15:15:09.420
Modified: 2024-11-21T09:02:35.477
Link: CVE-2024-26584
Redhat