CVE-2024-26585: tls: fix race between tx work scheduling and socket close
First published: Wed Feb 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.8 | 6.8 |
| Linux Kernel | >=4.20.0<6.6.18 | |
| Linux Kernel | >=6.7.0<6.7.6 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146
- https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb
- https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57
- https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d
- https://launchpad.net/bugs/cve/CVE-2024-26585
- https://lore.kernel.org/linux-cve-announce/2024022150-fancy-numerate-94ab@gregkh/T/#u
- https://github.com/torvalds/linux/commit/e01e3934a1b2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2265521
- https://access.redhat.com/errata/RHSA-2024:2394
- https://access.redhat.com/security/cve/CVE-2024-26585
- https://access.redhat.com/errata/RHSA-2024:4211
- https://access.redhat.com/errata/RHSA-2024:4352
- https://access.redhat.com/errata/RHSA-2024:4447
- https://access.redhat.com/errata/RHSA-2024:4533
- https://access.redhat.com/errata/RHSA-2024:4554
- https://access.redhat.com/errata/RHSA-2024:5255
- https://bugzilla.redhat.com/show_bug.cgi?id=2265517
- https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26585
- https://nvd.nist.gov/vuln/detail/CVE-2024-26585
- https://security-tracker.debian.org/tracker/CVE-2024-26585
- https://ubuntu.com/security/CVE-2024-26585
- https://git.kernel.org/linus/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb
Frequently Asked Questions
What is the severity of CVE-2024-26585?
CVE-2024-26585 has been classified with moderate severity due to its potential impact on system stability.
How do I fix CVE-2024-26585?
To address CVE-2024-26585, you should upgrade to a fixed version of the Linux kernel, specifically versions 6.8 or greater.
What systems are affected by CVE-2024-26585?
CVE-2024-26585 affects various Linux kernel versions between 4.20.0 and 6.7.6 as well as specific Red Hat and Debian packages.
When was CVE-2024-26585 disclosed?
CVE-2024-26585 was disclosed in 2024, highlighting a race condition issue in the Linux kernel.
Can CVE-2024-26585 cause data loss?
While CVE-2024-26585 primarily affects system functionality, it may lead to unexpected behavior that could indirectly risk data integrity.
- agent/title
- agent/type
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- agent/remedy
- agent/first-publish-date
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-26585
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/references
- agent/trending
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20.0
- version/linux kernel/6.7.0
- package-manager/debian