CVE-2024-26800
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26800
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26800.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-26800
- Downstream
- Related
- Published
- 2024-04-04T08:20:28.554Z
- Modified
- 2025-11-28T02:35:29.945664Z
- Summary
- tls: fix use-after-free on failed backlog decryption
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
tls: fix use-after-free on failed backlog decryption
When the decrypt request goes to the backlog and cryptoaeaddecrypt returns -EBUSY, tlsdodecryption will wait until all async decryptions have completed. If one of them fails, tlsdodecryption will return -EBADMSG and tlsdecryptsg jumps to the error path, releasing all the pages. But the pages have been passed to the async callback, and have already been released by tlsdecryptdone.
The only true async case is when cryptoaeaddecrypt returns -EINPROGRESS. With -EBUSY, we already waited so we can tell tlsswrecvmsg that the data is available for immediate copy, but we need to notify tlsdecryptsg (via the new ->async_done flag) that the memory has already been released.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26800.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0
- https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
- https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe
- https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26800.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-26800
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedcd1bbca03f3c1d845ce274c0d0a66de8e5929f72Fixedf2b85a4cc763841843de693bbd7308fe9a2c4c89
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced13eca403876bbea3716e82cdfe6f1e6febb38754Fixed81be85353b0f5a7b660635634b655329b429eefe
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedab6397f072e5097f267abf5cb08a8004e6b17694Fixed1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced8590541473188741055d27b955db0777569438e3Fixed13114dc5543069f7b97991e3b79937b6da05f5b0
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected3ade391adc584f17b5570fd205de3ad029090368