CVE-2024-35908

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35908
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35908.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35908
Downstream
Related
Published
2024-05-19T08:35:01.460Z
Modified
2025-11-20T04:30:38.886060Z
Summary
tls: get psock ref after taking rxlock to avoid leak
Details

In the Linux kernel, the following vulnerability has been resolved:

tls: get psock ref after taking rxlock to avoid leak

At the start of tlsswrecvmsg, we take a reference on the psock, and then call tlsrxreader_lock. If that fails, we return directly without releasing the reference.

Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4cbc325ed6b4dce4910be06d9d6940a8b919c59b
Fixed
30fabe50a7ace3e9d57cf7f9288f33ea408491c8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4cbc325ed6b4dce4910be06d9d6940a8b919c59b
Fixed
f1b7f14130d782433bc98c1e1e41ce6b4d4c3096
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4cbc325ed6b4dce4910be06d9d6940a8b919c59b
Fixed
b565d294e3d5aa809566a4d819835da11997d8b3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4cbc325ed6b4dce4910be06d9d6940a8b919c59b
Fixed
417e91e856099e9b8a42a2520e2255e6afe024be

Affected versions

v5.*

v5.19
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.8
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.8.1
v6.8.2
v6.8.3
v6.8.4

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-35908-0e54bafa",
        "signature_version": "v1",
        "digest": {
            "function_hash": "215471457260439554925328176674017771810",
            "length": 3727.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1b7f14130d782433bc98c1e1e41ce6b4d4c3096",
        "target": {
            "file": "net/tls/tls_sw.c",
            "function": "tls_sw_recvmsg"
        }
    },
    {
        "id": "CVE-2024-35908-2e9eb815",
        "signature_version": "v1",
        "digest": {
            "function_hash": "215471457260439554925328176674017771810",
            "length": 3727.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@417e91e856099e9b8a42a2520e2255e6afe024be",
        "target": {
            "file": "net/tls/tls_sw.c",
            "function": "tls_sw_recvmsg"
        }
    },
    {
        "id": "CVE-2024-35908-5ece7f7a",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "281701273465012633770594320566791972395",
                "296873180455569853097991727957018923518",
                "78376545764466870031920649544294372388",
                "530656660248950649206753310554753021",
                "253125865918173452851855556163048101064",
                "310474898478145283529362722560001480247",
                "128975201789492304317391706468636074020"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f1b7f14130d782433bc98c1e1e41ce6b4d4c3096",
        "target": {
            "file": "net/tls/tls_sw.c"
        }
    },
    {
        "id": "CVE-2024-35908-97012aae",
        "signature_version": "v1",
        "digest": {
            "function_hash": "215471457260439554925328176674017771810",
            "length": 3727.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b565d294e3d5aa809566a4d819835da11997d8b3",
        "target": {
            "file": "net/tls/tls_sw.c",
            "function": "tls_sw_recvmsg"
        }
    },
    {
        "id": "CVE-2024-35908-a9b16576",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "281701273465012633770594320566791972395",
                "296873180455569853097991727957018923518",
                "78376545764466870031920649544294372388",
                "530656660248950649206753310554753021",
                "253125865918173452851855556163048101064",
                "310474898478145283529362722560001480247",
                "128975201789492304317391706468636074020"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b565d294e3d5aa809566a4d819835da11997d8b3",
        "target": {
            "file": "net/tls/tls_sw.c"
        }
    },
    {
        "id": "CVE-2024-35908-f2c7eecd",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "281701273465012633770594320566791972395",
                "296873180455569853097991727957018923518",
                "78376545764466870031920649544294372388",
                "530656660248950649206753310554753021",
                "253125865918173452851855556163048101064",
                "310474898478145283529362722560001480247",
                "128975201789492304317391706468636074020"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@417e91e856099e9b8a42a2520e2255e6afe024be",
        "target": {
            "file": "net/tls/tls_sw.c"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.85
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.26
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.8.5