CVE-2023-52767

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL dereference issue has been discovered in the Linux kernel. This issue occurs when tls sw splice eof() is executed as part of sendfile() and the plaintext/ciphertext sk msg are empty. The send path gets confused due to the empty ciphertext buffer not having enough space for encryption overhead, leading to tls push record() going on the split = true path. This path is only supposed to be used when interacting with an attached BPF program. As a result, tls merge open record() is hit, assuming there must be at least one populated buffer element, which leads to a NULL dereference. This can happen if empty plaintext/ciphertext buffers are present after previously bailing from tls sw sendmsg locked() via the tls trim both msgs() path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.