CVE-2024-26583

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26583

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26583.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-26583

Downstream

BELL-CVE-2024-26583

DEBIAN-CVE-2024-26583

OESA-2024-1283

OESA-2024-1284

OESA-2024-1285

OESA-2024-1286

RHSA-2024:2394

RHSA-2024:4211

RHSA-2024:4352

RHSA-2024:4447

RHSA-2024:4533

RHSA-2024:4554

RHSA-2024:5255

SUSE-SU-2024:2893-1

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2923-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:2948-1

SUSE-SU-2024:3249-1

SUSE-SU-2024:3499-1

Related

Published

2024-02-21T15:15:09Z

Modified

2025-08-09T20:01:27Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between async notify and socket close

The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.

Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.

Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.

References

Affected packages