Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's TLS implementation has been addressed. The issue arises during asynchronous decryption, where the function 'tls_strp_msg_hold' is called to create a clone of the input socket buffer (skb) that holds references to the memory the decryption uses. If this cloning fails, continuing with asynchronous decryption can cause problems such as a use-after-free on the skb or unintended writes to user-space memory after the 'recv()' call has returned. The fix is to wait for all pending decryption requests when the clone cannot be created.
The vulnerability could lead to use-after-free conditions on socket buffers, potentially allowing for memory corruption or exploitation through crafted network traffic.
The vulnerability can be reproduced by initiating an asynchronous decryption process in the TLS layer of the Linux kernel. If the 'tls_strp_msg_hold' function fails to clone the input socket buffer, the decryption process can inadvertently cause a use-after-free error on the socket buffer, or write into user-space memory after the 'recv' call has returned, creating a window for memory corruption or exploitation.
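The ordering problem described above, as an added example that is not kernel code and not part of the original entry: a single-threaded user-space C model in which every name (buf, job, hold, submit, drain, recv_once) is hypothetical. It counts completions that run after the receive path has released the buffer, with and without waiting when the clone fails.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; these names are not kernel APIs. */
struct buf { int refs; bool released; };               /* stands in for the input skb */
struct job { struct buf *b; bool owns_ref, pending; }; /* one queued async decrypt */

#define MAX_JOBS 4
static struct job jobs[MAX_JOBS];
static int late_writes; /* completions that ran after their buffer was released */

static void put(struct buf *b) { if (--b->refs == 0) b->released = true; }

/* Models the clone step: on success the job gets its own reference. */
static bool hold(struct buf *b, bool alloc_ok) { if (alloc_ok) b->refs++; return alloc_ok; }

static void submit(struct buf *b, bool owns_ref) {
    for (int i = 0; i < MAX_JOBS; i++)
        if (!jobs[i].pending) { jobs[i] = (struct job){ b, owns_ref, true }; return; }
}

/* Run every pending completion, as the deferred crypto callback would. */
static void drain(void) {
    for (int i = 0; i < MAX_JOBS; i++) {
        if (!jobs[i].pending) continue;
        if (jobs[i].b->released) late_writes++; /* the use-after-free case */
        jobs[i].pending = false;
        if (jobs[i].owns_ref) put(jobs[i].b);
    }
}

/* One receive call; returns how many completions touched a released buffer. */
static int recv_once(bool alloc_ok, bool wait_on_failure) {
    struct buf b = { .refs = 1, .released = false };
    late_writes = 0;
    bool held = hold(&b, alloc_ok);
    submit(&b, held);
    if (!held && wait_on_failure)
        drain();  /* fixed ordering: wait for pending requests first */
    put(&b);      /* receive path drops its reference and returns */
    drain();      /* any remaining completion fires after that */
    return late_writes;
}

int main(void) {
    printf("clone ok: %d, clone fails, no wait: %d, clone fails, wait: %d\n",
           recv_once(true, false), recv_once(false, false), recv_once(false, true));
    return 0;
}
```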
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.