do_tls_getsockopt in net/tls/tls_main.c in the Linux...
High severity
Unreviewed
Published
Mar 16, 2023
to the GitHub Advisory Database
•
Updated May 3, 2023
Description
Published by the National Vulnerability Database
Mar 16, 2023
Published to the GitHub Advisory Database
Mar 16, 2023
Last updated
May 3, 2023
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
References