Linux Kernel TLS Async Decryption Hold Purge Vulnerability

Vulnerability

A vulnerability in the Linux kernel's TLS implementation has been addressed. The issue involved the async_hold queue, which retains encrypted socket buffers (skbs) while the Authenticated Encryption with Associated Data (AEAD) engine is still using their scatterlist data. Once the asynchronous decryption completes, the held skbs can be freed. A patch introducing batch asynchronous decryption added a new path on which these skbs had to be released explicitly, otherwise they were leaked. The fix centralizes the purge of the hold queue so that every call site releases the held skbs, in particular on paths where decryption fails with an error.

Impact

The vulnerability could lead to memory leaks: held socket buffers were not released after asynchronous decryption operations, so kernel memory usage could grow over time and degrade system performance.
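
The leak pattern described above, as an added user-space model that is not kernel code and not the actual fix: a hold list keeps buffers alive during a simulated batch decrypt, and a single purge routine is the only place they are released. All names (async_hold, batch_decrypt, live_buffer_count) are hypothetical; the `centralised` flag contrasts the buggy error path with the corrected one.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed model of a hold queue: buffers stay alive while an
 * asynchronous decrypt uses them and are released only by the purge. */
struct held_buf { struct held_buf *next; unsigned char *data; size_t len; };
struct async_hold { struct held_buf *head; int count; };

/* Live allocation counter so a leak is observable from a test. */
static int live_bufs = 0;

static struct held_buf *hold_alloc(size_t len) {
    struct held_buf *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->data = calloc(1, len ? len : 1);
    if (!b->data) { free(b); return NULL; }
    b->len = len;
    live_bufs++;
    return b;
}

static void hold_push(struct async_hold *h, struct held_buf *b) {
    b->next = h->head; h->head = b; h->count++;
}

/* Centralised purge: the single place held buffers are freed. */
void async_hold_purge(struct async_hold *h) {
    while (h->head) {
        struct held_buf *b = h->head;
        h->head = b->next;
        free(b->data); free(b);
        live_bufs--;
    }
    h->count = 0;
}

/* Simulated batch decrypt of n records; record fail_at (or none if < 0)
 * fails. With centralised == 0 the error path skips the purge, which is
 * the leak; with centralised != 0 every exit path calls the purge. */
int batch_decrypt(struct async_hold *h, int n, int fail_at, int centralised) {
    for (int i = 0; i < n; i++) {
        struct held_buf *b = hold_alloc(64);
        if (!b) { async_hold_purge(h); return -1; }
        hold_push(h, b);
        if (i == fail_at) {
            if (centralised) async_hold_purge(h);
            return -1;   /* buggy variant returns with buffers still held */
        }
    }
    async_hold_purge(h);   /* normal completion path */
    return 0;
}

int live_buffer_count(void) { return live_bufs; }
```

Running the buggy variant against a failing record leaves held buffers outstanding, while the centralised variant returns the same error with nothing leaked.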

Added: Apr 2, 2026, 12:27 PM
Updated: Apr 2, 2026, 12:27 PM

Vulnerability Rating

Custom Algorithm scores (0-10):
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 5.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.