CVE-2024-26584

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Linux kernel's handling of backlogging of crypto requests. When the CRYPTO TFM REQ MAY BACKLOG flag is set on requests to the crypto API, crypto aead {encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. This can occur when the cryptd queue for AESNI is full, causing requests to be enqueued to the backlog but still processed. As a result, the async callback will be called twice: first with err == -EINPROGRESS, which can be ignored, and then with err == 0. The vulnerability can be exploited to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.