PT-2024-9808 · Linux · Linux Kernel
Edward Adam Davis · Published 2024-01-14 · Updated 2025-03-28
CVE-2024-35841
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is a vulnerability in the Linux kernel's net component, specifically in the TLS sendmsg code. When a splice with MSG_SPLICE_PAGES is used, the tls_sw_sendmsg splice path loops over the message until the record is full, as checked by sk_msg_full(msg_pl). The user can set the MSG_MORE flag to delay sending until more pages arrive, but if more pages are added than fit in the msg_pl scatterlist (MAX_MSG_FRAGS), the MSG_MORE flag should be ignored and the buffer sent anyway. Instead, the code aborts the msg-to-msg_pl scatterlist setup and falls through to the 'continue' path, which checks whether msg_data_left(msg) still has bytes to send and attempts to fit them into the already full msg_pl, resulting in a kernel warning.
Recommendations:
To fix the issue, check in the splice code path whether there is a full record and, if not, send the message regardless of the MSG_MORE flag. As a temporary workaround, consider restricting access to the vulnerable TLS sendmsg code until a patch is available.
Exploit
Fix
Infinite Loop
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu