APPLIED: [SRU][F][PULL] Fixes for CVE-2024-2658{3,4,5}
Stefan Bader
stefan.bader at canonical.com
Fri Jun 21 12:38:27 UTC 2024
On 13.06.24 10:58, Juerg Haefliger wrote:
> [ Impact ]
>
> CVE-2024-26583 (https://ubuntu.com/security/CVE-2024-26583)
> CVE-2024-26584 (https://ubuntu.com/security/CVE-2024-26584)
> CVE-2024-26585 (https://ubuntu.com/security/CVE-2024-26585)
>
> [ Test case ]
>
> 1) Enable async crypto:
> $ modprobe tcrypt alg="pcrypt(generic-gcm-aesni)" type=3
> 2) Enable TLS function tracing:
> $ echo function_graph > /sys/kernel/tracing/current_tracer
> $ echo 'tls_*:mod:tls' > /sys/kernel/tracing/set_ftrace_filter
> 3) Run TLS kernel selftests from v6.9:
> $ ./linux-6.9/tools/testing/selftests/net/tls
> 4) Verify:
> - No call traces in the kernel log
> - All modified TLS functions are called
> - No additional unexpected TLS test failures
>
> [ Where problems could occur ]
>
> Modifications are all limited to the tls module so only applications
> that use kernel TLS might suffer.
>
> [ Notes ]
>
> 1) 5.4 is not vulnerable to CVE-2024-26582
> 2) All CVEs are fixed by a single upstream patchset so the fixes are
> all rolled into a single PR as well
>
> Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
>
> --------
>
> The following changes since commit fdd8899124cc0797d48181a93c326945146bf907:
>
> UBUNTU: Ubuntu-5.4.0-186.206 (2024-04-26 14:01:17 +0200)
>
> are available in the Git repository at:
>
> https://git.launchpad.net/~juergh/+git/linux focal/linux/CVE-2024-2658x
>
> for you to fetch changes up to d4b78e4da316d5964a298c128ee0e849111d3cbe:
>
> tls: fix race between tx work scheduling and socket close (2024-06-10 15:42:37 +0200)
>
> ----------------------------------------------------------------
> Jakub Kicinski (22):
> tls: splice_read: fix record type check
> tls: splice_read: fix accessing pre-processed records
> net/tls: pass context to tls_device_decrypted()
> net: tls: avoid discarding data on record close
> tls: rx: don't store the record type in socket context
> tls: rx: don't store the decryption status in socket context
> tls: rx: don't issue wake ups when data is decrypted
> tls: rx: refactor decrypt_skb_update()
> tls: hw: rx: use return value of tls_device_decrypted() to carry status
> tls: rx: drop unnecessary arguments from tls_setup_from_iter()
> tls: rx: don't report text length from the bowels of decrypt
> tls: rx: wrap decryption arguments in a structure
> tls: rx: factor out writing ContentType to cmsg
> tls: rx: don't track the async count
> tls: rx: assume crypto always calls our callback
> tls: rx: use async as an in-out argument
> net: tls: fix async vs NIC crypto offload
> tls: rx: simplify async wait
> net: tls: factor out tls_*crypt_async_wait()
> tls: fix race between async notify and socket close
> net: tls: handle backlogging of crypto requests
> tls: fix race between tx work scheduling and socket close
>
> Jim Ma (1):
> tls splice: remove inappropriate flags checking for MSG_PEEK
>
> Maxim Mikityanskiy (4):
> net/tls: Replace TLS_RX_SYNC_RUNNING with RCU
> net/tls: Fix use-after-free after the TLS device goes down and up
> tls: Fix context leak on tls_device_down
> net/tls: Remove the context from the list in tls_device_down
>
> Sabrina Dubroca (2):
> tls: decrement decrypt_pending if no async completion will be called
> tls: extract context alloc/initialization out of tls_set_sw_offload
>
> Tariq Toukan (3):
> net/tls: Check for errors in tls_device_init
> net/tls: Perform immediate device ctx cleanup when possible
> net/tls: Multi-threaded calls to TX tls_dev_del
>
> include/net/strparser.h | 4 +
> include/net/tls.h | 40 ++--
> net/tls/tls_device.c | 210 ++++++++++------
> net/tls/tls_device_fallback.c | 7 +
> net/tls/tls_main.c | 9 +-
> net/tls/tls_sw.c | 543 +++++++++++++++++++++---------------------
> 6 files changed, 442 insertions(+), 371 deletions(-)
>
Applied to focal:linux/master-next. Thanks.
-Stefan
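
The verification in step 4 of the quoted test case can be scripted over saved copies of the trace and the kernel log. This is an added example, not part of the original mail or the submitted patch set; the file layout, the expected-function list and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Step 4 checks: no call traces in the kernel log, every expected tls function traced.

# Unique function names seen in a function_graph trace (module tag "[tls]" dropped).
traced_functions() {
    awk -F'|' '!/^#/ && NF >= 2 {
        s = $NF; sub(/^[ \t]+/, "", s)
        if (match(s, /^[A-Za-z_][A-Za-z0-9_.]*/)) print substr(s, RSTART, RLENGTH)
    }' "$1" | sort -u
}

# Names listed in $1 (one per line, '#' comments allowed) that never appear in trace $2.
missing_functions() {
    traced_functions "$2" | awk -v want="$1" '
        { seen[$1] = 1 }
        END { while ((getline fn < want) > 0)
                  if (fn !~ /^[ \t]*(#|$)/ && !(fn in seen)) print fn }'
}

# Number of "Call Trace:" headers in a saved kernel log.
call_trace_count() {
    awk '/Call Trace:/ { n++ } END { print n + 0 }' "$1"
}

# Constructed sample data (not captured from a real run); function names are illustrative.
make_sample() {
    cat > "$1/trace" <<'EOF'
# tracer: function_graph
#
# CPU  DURATION                  FUNCTION CALLS
 1)               |  tls_sw_recvmsg [tls]() {
 1)   0.521 us    |    tls_decrypt_done [tls]();
 1)   3.102 us    |  }
 0)   1.210 us    |  tls_sw_sendmsg [tls]();
EOF
    printf '%s\n' '# expected' tls_sw_recvmsg tls_decrypt_done tls_encrypt_done > "$1/expected"
    printf '%s\n' '[ 10.1] tls: loaded' '[ 12.4] Call Trace:' '[ 12.4]  tls_sw_recvmsg+0x1a0/0x8b0 [tls]' > "$1/dmesg"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "call traces: $(call_trace_count "$demo_dir/dmesg")"
echo "never traced: $(missing_functions "$demo_dir/expected" "$demo_dir/trace")"
rm -rf "$demo_dir"
```

On a real run the inputs would be saved copies of `/sys/kernel/tracing/trace` and the `dmesg` output, plus a hand-maintained list of the functions the patch set modifies. An empty trace reports every expected function as missing rather than passing silently.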