CVE-2024-35908

In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8	Patch
https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be	Patch
https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3	Patch
https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096	Patch
https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8	Patch
https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be	Patch
https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3	Patch
https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.9:rc1::::::

History

No history.

Information

Published : 2024-05-19 09:15

Updated : 2025-09-24 18:52

NVD link : CVE-2024-35908

Mitre link : CVE-2024-35908

CVE.ORG link : CVE-2024-35908

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2024-35908", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-19T09:15:11.477", "references": [{"url": "https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/417e91e856099e9b8a42a2520e2255e6afe024be", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b565d294e3d5aa809566a4d819835da11997d8b3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f1b7f14130d782433bc98c1e1e41ce6b4d4c3096", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: get psock ref after taking rxlock to avoid leak\n\nAt the start of tls_sw_recvmsg, we take a reference on the psock, and\nthen call tls_rx_reader_lock. If that fails, we return directly\nwithout releasing the reference.\n\nInstead of adding a new label, just take the reference after locking\nhas succeeded, since we don't need it before."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: tls: obtenga referencia de psock despu\u00e9s de tomar rxlock para evitar fugas. Al inicio de tls_sw_recvmsg, tomamos una referencia en psock y luego llamamos a tls_rx_reader_lock. Si eso falla, volvemos directamente sin liberar la referencia. En lugar de agregar una nueva etiqueta, simplemente tome la referencia despu\u00e9s de que el bloqueo se haya realizado correctamente, ya que no la necesitamos antes."}], "lastModified": "2025-09-24T18:52:20.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A905EA8-3CAE-4B15-B3AB-F76EFE6B58D3", "versionEndExcluding": "6.1.85", "versionStartIncluding": "6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C520696A-A594-4FFC-A32D-12DA535CE911", "versionEndExcluding": "6.6.26", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBD6C99E-4250-4DFE-8447-FF2075939D10", "versionEndExcluding": "6.8.5", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}