[SRU OEM-5.17,OEM-6.0 0/1] CVE-2023-28466

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Aug 4 13:18:17 UTC 2023


[Impact]
 It was discovered that a race condition existed in the TLS subsystem in the
 Linux kernel, leading to a use-after-free or a null pointer dereference
 vulnerability. A local attacker could use this to cause a denial of service
 (system crash) or possibly execute arbitrary code.

[Potential regression]
TLS socket users will be impacted. This does not impact TLS users using
userspace TLS support.

Hangyu Hua (1):
  net: tls: fix possible race condition between do_tls_getsockopt_conf()
    and do_tls_setsockopt_conf()

 net/tls/tls_main.c | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-)

-- 
2.34.1



