AZL-35474

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35474.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-35474

Upstream

CVE-2024-26583

Published

2024-02-21T15:15:09Z

Modified

2026-04-01T05:12:09.258852Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-26583 affecting package hyperv-daemons for versions less than 6.6.22.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

tls: fix race between async notify and socket close

The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.

Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.

Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-26583

Affected packages

Azure Linux:3 / hyperv-daemons

Package

Name: hyperv-daemons
Purl: pkg:rpm/azure-linux/hyperv-daemons

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.22.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-35474.json"