Bug 2391431 (CVE-2024-58240)

Summary: CVE-2024-58240 kernel: tls: separate no-async decryption request handling from async
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux

Description OSIDB Bzimport 2025-08-28 10:01:22 UTC
In the Linux kernel, the following vulnerability has been resolved:

tls: separate no-async decryption request handling from async

If we're not doing async, the handling is much simpler. There's no
reference counting, we just need to wait for the completion to wake us
up and return its result.

We should preferably also use a separate crypto_wait. I'm not seeing a
UAF as I did in the past; I think aec7961916f3 ("tls: fix race between
async notify and socket close") took care of it.

This will make the next fix easier.

Comment 14 errata-xmlrpc 2025-10-29 15:11:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:19268 https://access.redhat.com/errata/RHSA-2025:19268

Comment 15 errata-xmlrpc 2025-11-03 15:53:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:19492 https://access.redhat.com/errata/RHSA-2025:19492

Comment 16 errata-xmlrpc 2025-11-18 09:00:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:21667 https://access.redhat.com/errata/RHSA-2025:21667

Comment 17 errata-xmlrpc 2025-12-04 12:45:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22752 https://access.redhat.com/errata/RHSA-2025:22752