Acknowledged
Created: Aug 29, 2025
Updated: Sep 4, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]tls: separate no-async decryption request handling from async[EOL][EOL]If we're not doing async, the handling is much simpler. There's no[EOL]reference counting, we just need to wait for the completion to wake us[EOL]up and return its result.[EOL][EOL]We should preferably also use a separate crypto_wait. I'm not seeing a[EOL]UAF as I did in the past, I think aec7961916f3 ("tls: fix race between[EOL]async notify and socket close") took care of it.[EOL][EOL]This will make the next fix easier.
CREATE(Triage):(User=admin) [CVE-2024-58240 (https://nvd.nist.gov/vuln/detail/CVE-2024-58240)
