CVE-2024-26583: Linux Kernel Vulnerability Fixed - TLS Race Condition between Async Notify and Socket Close

In the Linux kernel, a critical vulnerability (CVE-2024-26583) was recently discovered and resolved, which pertained to a race condition between the async notify and socket close in the Transport Layer Security (TLS) subsystem. The issue could potentially lead to undefined behavior, application crashes, or even remote code execution. Developers and admins are advised to update their systems to patch this vulnerability and mitigate any potential security threats. This post will detail the vulnerability itself, provide an explanation of the exploit, and offer a code snippet fix and links to related references.

Vulnerability Details

The vulnerability exists within the code that handles asynchronous notifications and sockets closures in the Linux kernel's TLS implementation. The submitting thread (one which called the recvmsg or sendmsg functions) may exit as soon as the async crypto handler calls complete(). Consequently, any code executed past this point risks accessing data that has already been freed, leading to security and stability issues.

Understanding the Exploit

The exploit takes advantage of the race condition between the async notify and the socket close, causing the main thread to touch and potentially manipulate data that has already been freed. The Linux kernel developers have provided a fix to address this vulnerability and avoid the locking and additional flags that are no longer required.

Code Snippet Fix

To fix the vulnerability, the Linux kernel developers implemented a solution that has the main thread hold an extra reference. This allows the system to rely solely on the atomic reference counter for synchronization instead of the locking mechanism. The completion reinitialization is also abolished, ensuring a tightly controlled firing sequence. The complete solution can be found here.

Conclusion

The Linux kernel developers were quick to identify and fix the vulnerability (CVE-2024-26583) that was causing a race condition between the async notify and socket close in the kernel's TLS implementation. It is highly recommended that all users update their systems with the provided fix to prevent exposure to any potential security threats. By staying updated on newly discovered vulnerabilities and fixing them as soon as possible, we can minimize the risks associated with running our systems and applications.

Original References

1. CVE-2024-26583: Entry on the official CVE list.
2. Linux kernel git commit: The commit with the fix for the vulnerability.
3. TLS race condition vulnerability disclosure: Further details of the vulnerability's discovery and resolution.

Timeline

Published on: 02/21/2024 15:15:09 UTC
Last modified on: 03/15/2024 13:05:03 UTC