CVE-2024-35908

tls: get psock ref after taking rxlock to avoid leak

Description

In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

N/A

CVSS

Severity:

EPSS 0.13%

Affected: Linux Linux

References

Link	Tags
https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8
https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096
https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3
https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be

Frequently Asked Questions

What is the severity of CVE-2024-35908?: CVE-2024-35908 has not yet been assigned a CVSS score.
How to fix CVE-2024-35908?: To fix CVE-2024-35908, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-35908 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-35908 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-35908?: CVE-2024-35908 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.