cvelist | Linux | CVELIST:CVE-2024-26584
Feb 21, 2024 - 2:59 p.m.

CVE-2024-26584 net: tls: handle backlogging of crypto requests

2024-02-21 14:59:12
Linux
www.cve.org
linux kernel
vulnerability resolved
crypto api
crypto requests
ebusy
einprogress
async callback

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 5.1%)

In the Linux kernel, the following vulnerability has been resolved:

net: tls: handle backlogging of crypto requests

Since we’re setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our
requests to the crypto API, crypto_aead_{encrypt,decrypt} can return
-EBUSY instead of -EINPROGRESS in valid situations. For example, when
the cryptd queue for AESNI is full (easy to trigger with an
artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued
to the backlog but still processed. In that case, the async callback
will also be called twice: first with err == -EINPROGRESS, which it
seems we can just ignore, then with err == 0.

Compared to Sabrina’s original patch this version uses the new
tls_*crypt_async_wait() helpers and converts the EBUSY to
EINPROGRESS to avoid having to modify all the error handling
paths. The handling is identical.
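
A userspace model of the return-code and callback sequence described above, as an added example that is not kernel code and not part of the patch. The struct, the function names and the "naive" caller that treats -EBUSY as a failure are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only; every name below is hypothetical, not from tls_sw.c. */
struct model { int pending; int completions; int errors; };

/* Completion callback. A backlogged request is reported twice: first with
 * -EINPROGRESS (left the backlog, now running), then with the final status. */
static void crypt_done(struct model *m, int err, int handle_backlog)
{
    if (handle_backlog && err == -EINPROGRESS)
        return;                      /* notification only: not finished yet */
    if (err)
        m->errors++;
    m->completions++;
    m->pending--;
}

/* Submit path. ret stands in for the crypto_aead_{encrypt,decrypt} result. */
static int submit(struct model *m, int ret, int handle_backlog)
{
    m->pending++;
    if (handle_backlog && ret == -EBUSY)
        ret = -EINPROGRESS;          /* backlogged requests are still processed */
    if (ret == -EINPROGRESS)
        return 0;                    /* async: the callback will finish it */
    m->pending--;                    /* synchronous result or hard error */
    return ret;
}

/* One request that hits a full queue: submit sees -EBUSY, then the callback
 * fires with -EINPROGRESS and finally with 0. Returns submit()'s result. */
static int run_backlogged(struct model *m, int handle_backlog)
{
    int ret = submit(m, -EBUSY, handle_backlog);
    crypt_done(m, -EINPROGRESS, handle_backlog);
    crypt_done(m, 0, handle_backlog);
    return ret;
}

int main(void)
{
    struct model naive = {0}, fixed = {0};
    int r1 = run_backlogged(&naive, 0), r2 = run_backlogged(&fixed, 1);
    printf("naive: ret=%d pending=%d completions=%d errors=%d\n",
           r1, naive.pending, naive.completions, naive.errors);
    printf("fixed: ret=%d pending=%d completions=%d errors=%d\n",
           r2, fixed.pending, fixed.completions, fixed.errors);
    return 0;
}
```

In the naive run the single request is failed at submit time and then completed twice, so the pending count goes negative; with the backlog handling enabled it completes exactly once.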

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/tls/tls_sw.c"
    ],
    "versions": [
      {
        "version": "a54667f6728c",
        "lessThan": "3ade391adc58",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a54667f6728c",
        "lessThan": "cd1bbca03f3c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a54667f6728c",
        "lessThan": "13eca403876b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a54667f6728c",
        "lessThan": "ab6397f072e5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a54667f6728c",
        "lessThan": "859054147318",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/tls/tls_sw.c"
    ],
    "versions": [
      {
        "version": "4.16",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.16",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.160",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.84",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.18",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.7.6",
        "lessThanOrEqual": "6.7.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.8",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]
