Security tracker / CVE-2024-26583

CVE-2024-26583

tls: fix race between async notify and socket close

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 0cada33241d9 ("net/tls: fix race condition causing kernel
 carnil> panic"). Vulnerable versions: 5.4.44 5.4.71 5.6.16 5.7 5.8.15.

Bugs

Status

Branch	Status
upstream	released (6.8-rc5) [aec7961916f3f9e88766e2688992da6980f11b8d]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.7-upstream-stable	released (6.7.6) [6209319b2efdd8524691187ee99c40637558fa33]
6.6-upstream-stable	released (6.6.18) [86dc27ee36f558fe223dbdfbfcb6856247356f4a]
6.1-upstream-stable	released (6.1.79) [7a3ca06d04d589deec81f56229a9a9d62352ce01]
5.10-upstream-stable	needed
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	released (6.7.7-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	released (6.1.82-1)
5.10-bullseye-security	needed
4.19-buster-security	N/A "Vulnerable code not present"