In the Linux kernel, the following vulnerability has been...
High severity
Unreviewed
Published
Feb 21, 2024
to the GitHub Advisory Database
•
Updated Mar 15, 2024
Description
Published by the National Vulnerability Database
Feb 21, 2024
Published to the GitHub Advisory Database
Feb 21, 2024
Last updated
Mar 15, 2024
In the Linux kernel, the following vulnerability has been resolved:
net: tls: fix use-after-free with partial reads and async decrypt
tls_decrypt_sg doesn't take a reference on the pages from clear_skb,
so the put_page() in tls_decrypt_done releases them, and we trigger
a use-after-free in process_rx_list when we try to read from the
partially-read skb.
References