CVE-2024-26585

tls: fix race between tx work scheduling and socket close

Description

In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/dd32621f19243f89ce830919496a5dcc2158aa33
https://git.kernel.org/stable/c/196f198ca6fce04ba6ce262f5a0e4d567d7d219d
https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146 patch
https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57 patch
https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb patch

Frequently Asked Questions

What is the severity of CVE-2024-26585?
CVE-2024-26585 has been scored as a medium severity vulnerability.
How to fix CVE-2024-26585?
To fix CVE-2024-26585, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-26585 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-26585 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-26585?
CVE-2024-26585 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.