PT-2024-1905 · Linux+7 · Linux Kernel+7

Sabrina Dubroca · Published 2024-02-10 · Updated 2025-09-29 · CVE-2024-26582

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is a use-after-free vulnerability in the Linux kernel's TLS implementation, specifically in the tls_decrypt_done() function. It can be exploited to impact the confidentiality, integrity, and availability of protected information. The vulnerability occurs because tls_decrypt_sg does not take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, leading to a use-after-free in process_rx_list when it tries to read from the partially-read skb.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2024:2394
ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-3291
ALT-PU-2024-6818
AZL-35798
BDU:2024-01681
CVE-2024-26582
DSA-5658-1
INFSA-2024_2394
RHSA-2024:1881
RHSA-2024:1882
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2025:20028-1
USN-6765-1
USN-6818-1
USN-6818-2
USN-6818-3
USN-6818-4
USN-6819-1
USN-6819-2
USN-6819-3
USN-6819-4

Affected Products

ALT Linux
AlmaLinux
Astra Linux
Linux Mint
Linux Kernel
Red Hat
RED OS
Ubuntu