7.5
CVE-2026-23414
- EPSS 0.24%
- Veröffentlicht 02.04.2026 11:40:55
- Zuletzt bearbeitet 27.04.2026 14:16:31
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
tls: Purge async_hold in tls_decrypt_async_wait()
In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decrypt_async_wait() returns, every AEAD operation has completed and the engine no longer references those skbs, so they can be freed unconditionally. A subsequent patch adds batch async decryption to tls_sw_read_sock(), introducing a new call site that must drain pending AEAD operations and release held skbs. Move __skb_queue_purge(&ctx->async_hold) into tls_decrypt_async_wait() so the purge is centralized and every caller -- recvmsg's drain path, the -EBUSY fallback in tls_do_decryption(), and the new read_sock batch path -- releases held skbs on synchronization without each site managing the purge independently. This fixes a leak when tls_strp_msg_hold() fails part-way through, after having added some cloned skbs to the async_hold queue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to process all pending decrypts, and drop back to synchronous mode, but tls_sw_recvmsg() only flushes the async_hold queue when one record has been processed in "fully-async" mode, which may not be the case here. [pabeni@redhat.com: added leak comment]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.1.158 < 6.1.168
Linux ≫ Linux Kernel Version >= 6.6.114 < 6.6.131
Linux ≫ Linux Kernel Version >= 6.12.55 < 6.12.80
Linux ≫ Linux Kernel Version >= 6.17.5 < 6.18
Linux ≫ Linux Kernel Version >= 6.18.1 < 6.18.21
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.11
Linux ≫ Linux Kernel Version6.18 Update-
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
Linux ≫ Linux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.146 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/2dcf324855c34e7f934ce978aa19b645a8f3ee71
https://git.kernel.org/stable/c/6dc11e0bd0a5466bcc76d275c09e5537bd0597dd
https://git.kernel.org/stable/c/9f557c7eae127b44d2e863917dc986a4b6cb1269
https://git.kernel.org/stable/c/fd8037e1f18ca5336934d0e0e7e1a4fe097e749d
https://git.kernel.org/stable/c/84a8335d8300576f1b377ae24abca1d9f197807f
https://git.kernel.org/stable/c/ac435be7c7613eb13a5a8ceb5182e10b50c9ce87