2 matches found
DEBIAN-CVE-2023-52767
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tlsswspliceeof with empty record syzkaller discovered that if tlsswspliceeof is executed as part of sendfile when the plaintext/ciphertext skmsg are empty, the send path gets confused because the empty...
CVE-2023-52767
CVE-2023-52767 : In the Linux kernel, a NULL dereference could occur in the TLS path when tls_sw_splice_eof() runs as part of sendfile() with an empty plaintext/ciphertext sk_msg. The issue caused tls_push_record() to take the split path and tls_merge_open_record(), which assumed at least one pop...