We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Bugpilot (Bug tracking)

Ok

THREATINT CVE Home CVE Diag Help
PUBLISHED

CVE-2024-26584

net: tls: handle backlogging of crypto requests

Reserved:2024-02-19
Published:2024-02-21
Updated:2024-04-04

Description

In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.

Product status

Default status
unaffected

a54667f6728c before cd1bbca03f3c
affected

a54667f6728c before 13eca403876b
affected

a54667f6728c before ab6397f072e5
affected

a54667f6728c before 859054147318
affected

Default status
affected

4.16
affected

Any version before 4.16
unaffected

6.1.84
unaffected

6.6.18
unaffected

6.7.6
unaffected

6.8
unaffected

References

https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72

https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754

https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694

https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3

cve.org CVE-2024-26584

nvd.nist.gov CVE-2024-26584

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-26584