PT-2023-2332 · Linux+9 · Linux Kernel+9

Hangyu Hua

·

Published

2023-02-28

·

Updated

2024-04-15

·

CVE-2023-28466

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.7
Description The issue is related to a race condition in the Linux kernel's TLS protocol implementation, specifically in the do tls getsockopt conf() and do tls setsockopt conf() functions in the net/tls/tls main.c module. This is due to the lack of synchronization in do tls getsockopt conf(), allowing for concurrent access to ctx->crypto send.info. Exploitation of this issue can lead to a denial of service. The do tls getsockopt function lacks a lock sock call, resulting in a race condition that can cause a use-after-free or NULL pointer dereference.
Recommendations For Linux kernel versions prior to 6.2.7, update to version 6.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/tls/tls main.c module to minimize the risk of exploitation. Avoid using the do tls getsockopt function in the affected API endpoint until the issue is resolved.

Fix

Use After Free

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-476

Related Identifiers

ALSA-2023:3708
ALSA-2023:3723
ALSA-2023:3819
ALSA-2023:3847
ALT-PU-2023-1495
ALT-PU-2023-1539
ALT-PU-2023-1628
ALT-PU-2023-1851
ALT-PU-2024-4263
ALT-PU-2024-4843
AZL-25661
BDU:2023-02097
CESA-2023_3819
CESA-2023_3847
CVE-2023-28466
DLA-3404-1
MGASA-2023-0148
MGASA-2023-0149
OESA-2023-1187
OESA-2023-1188
OESA-2023-1197
OESA-2023-1209
RHSA-2023:3708
RHSA-2023:3723
RHSA-2023:3819
RHSA-2023:3847
RHSA-2023:4789
RHSA-2023:4801
RHSA-2023:4814
RHSA-2023_3708
RHSA-2023_3723
RHSA-2023_3819
RHSA-2023_3847
RLSA-2023:3819
RLSA-2023:3847
SUSE-SU-2023:1800-1
SUSE-SU-2023:1802-1
SUSE-SU-2023:1811-1
SUSE-SU-2023:1892-1
SUSE-SU-2023:1897-1
SUSE-SU-2023:1992-1
SUSE-SU-2023:2501-1
SUSE-SU-2023:2507-1
SUSE-SU-2023:2534-1
SUSE-SU-2023:2538-1
SUSE-SU-2023:2679-1
SUSE-SU-2023:2680-1
SUSE-SU-2023:2681-1
SUSE-SU-2023:2686-1
SUSE-SU-2023:2687-1
SUSE-SU-2023:2689-1
SUSE-SU-2023:2694-1
SUSE-SU-2023:2695-1
SUSE-SU-2023:2697-1
SUSE-SU-2023:2698-1
SUSE-SU-2023:2701-1
SUSE-SU-2023:2702-1
SUSE-SU-2023:2703-1
SUSE-SU-2023:2710-1
SUSE-SU-2023:2714-1
SUSE-SU-2023:2718-1
SUSE-SU-2023:2719-1
SUSE-SU-2023:2721-1
SUSE-SU-2023:2724-1
SUSE-SU-2023:2727-1
SUSE-SU-2023:2731-1
SUSE-SU-2023:2735-1
SUSE-SU-2023:2741-1
SUSE-SU-2023:2743-1
SUSE-SU-2023:2755-1
SUSE-SU-2023:2809-1
USN-6033-1
USN-6175-1
USN-6186-1
USN-6284-1
USN-6300-1
USN-6301-1
USN-6311-1
USN-6312-1
USN-6314-1
USN-6331-1
USN-6332-1
USN-6337-1
USN-6347-1
USN-6385-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu