CVE-2024-26582

Updated: 2024-11-30 01:50:33.769702

Description:

In the Linux kernel, the following vulnerability has been resolved:

net: tls: fix use-after-free with partial reads and async decrypt

tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2024:1719231016 | 2024-06-24 10:15:11 | |
| AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2024:1719241565 | 2024-06-24 11:25:00 | |
| CentOS 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2024-06-12 06:02:28 | |
| CentOS 7 ELS | kernel | 3.10.0 | 7.8 | HIGH | Not Vulnerable | | 2024-06-12 06:02:28 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2024-05-02 10:00:53 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Not Vulnerable | | 2024-04-29 05:39:30 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | | 2024-06-11 05:46:09 | |
| CloudLinux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2024-06-12 06:02:28 | |
| Oracle Linux 6 ELS | kernel | 2.6.32 | 7.8 | HIGH | Not Vulnerable | | 2024-06-12 06:02:28 | |