Linux Kernel Slab-Out-Of-Bounds Vulnerability in TLS Decryption

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's TLS implementation. This issue arises in the 'decrypt_internal' function, where the memory size of the initialization vector (IV) for AES128-CCM is incorrectly set to 12 bytes. However, the 'ccm(aes)' encryption scheme requires 16 bytes, leading to a buffer over-read. The vulnerability can be triggered when the 'tls_set_sw_offload' function is called, particularly in the context of TLS 1.3.
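
The size mismatch described above, as an added user-space example that is not kernel code and not taken from the original page. The struct-free helper names, the 4-byte salt plus 8-byte record IV split of the 12 bytes, and the leading CCM flags byte are assumptions of this sketch; it refuses the 16-byte copy instead of performing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 12 and 16 come from the advisory; the 4 + 8 split is an assumption. */
#define SALT_SIZE      4
#define REC_IV_SIZE    8
#define STORED_IV_SIZE (SALT_SIZE + REC_IV_SIZE) /* bytes allocated: 12 */
#define AEAD_IV_SIZE   16                        /* bytes ccm(aes) expects */
#define CCM_B0_BYTE    2                         /* assumed CCM flags byte */

/* How many bytes a copy of n bytes reads past a source of src_len bytes. */
size_t overread_bytes(size_t n, size_t src_len)
{
    return n > src_len ? n - src_len : 0;
}

/* Build the 16-byte IV handed to the AEAD from the stored salt||IV.
 * Returns -1 when copy_len exceeds either buffer, which is the check
 * that is missing when the copy length is taken from the cipher's IV
 * size instead of from the size of the stored buffer. */
int build_ccm_iv(uint8_t out[AEAD_IV_SIZE], const uint8_t *stored,
                 size_t stored_len, size_t copy_len)
{
    const size_t off = 1;                 /* stored bytes follow the flags byte */

    if (copy_len > stored_len)            /* would read past the source slab */
        return -1;
    if (off + copy_len > AEAD_IV_SIZE)    /* would write past the destination */
        return -1;
    memset(out, 0, AEAD_IV_SIZE);         /* trailing counter bytes start at 0 */
    out[0] = CCM_B0_BYTE;
    memcpy(out + off, stored, copy_len);
    return 0;
}

int main(void)
{
    uint8_t stored[STORED_IV_SIZE] = {0}; /* constructed sample data */
    uint8_t out[AEAD_IV_SIZE];

    printf("copy of %d bytes over-reads by %zu\n", AEAD_IV_SIZE,
           overread_bytes(AEAD_IV_SIZE, sizeof stored));
    printf("cipher-sized copy: %d\n",
           build_ccm_iv(out, stored, sizeof stored, AEAD_IV_SIZE));
    printf("buffer-sized copy: %d\n",
           build_ccm_iv(out, stored, sizeof stored, STORED_IV_SIZE));
    return 0;
}
```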

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to memory corruption.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.