mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
107 lines
4.9 KiB
JSON
107 lines
4.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-26800",
|
|
"ASSIGNER": "cve@kernel.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix use-after-free on failed backlog decryption\n\nWhen the decrypt request goes to the backlog and crypto_aead_decrypt\nreturns -EBUSY, tls_do_decryption will wait until all async\ndecryptions have completed. If one of them fails, tls_do_decryption\nwill return -EBADMSG and tls_decrypt_sg jumps to the error path,\nreleasing all the pages. But the pages have been passed to the async\ncallback, and have already been released by tls_decrypt_done.\n\nThe only true async case is when crypto_aead_decrypt returns\n -EINPROGRESS. With -EBUSY, we already waited so we can tell\ntls_sw_recvmsg that the data is available for immediate copy, but we\nneed to notify tls_decrypt_sg (via the new ->async_done flag) that the\nmemory has already been released."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Linux",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Linux",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "cd1bbca03f3c",
|
|
"version_value": "f2b85a4cc763"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "13eca403876b",
|
|
"version_value": "81be85353b0f"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "ab6397f072e5",
|
|
"version_value": "1ac9fb84bc7e"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "859054147318",
|
|
"version_value": "13114dc55430"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "6.6.18",
|
|
"version_value": "6.6.21"
|
|
},
|
|
{
|
|
"version_affected": "<",
|
|
"version_name": "6.7.6",
|
|
"version_value": "6.7.9"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1"
|
|
},
|
|
{
|
|
"url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0",
|
|
"refsource": "MISC",
|
|
"name": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "bippy-9e1c9544281a"
|
|
}
|
|
} |