{"id":"CVE-2024-26584","summary":"net: tls: handle backlogging of crypto requests","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: tls: handle backlogging of crypto requests\n\nSince we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our\nrequests to the crypto API, crypto_aead_{encrypt,decrypt} can return\n -EBUSY instead of -EINPROGRESS in valid situations. For example, when\nthe cryptd queue for AESNI is full (easy to trigger with an\nartificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued\nto the backlog but still processed. In that case, the async callback\nwill also be called twice: first with err == -EINPROGRESS, which it\nseems we can just ignore, then with err == 0.\n\nCompared to Sabrina's original patch this version uses the new\ntls_*crypt_async_wait() helpers and converts the EBUSY to\nEINPROGRESS to avoid having to modify all the error handling\npaths. The handling is identical.","modified":"2026-04-02T10:04:51.383847Z","published":"2024-02-21T14:59:12.452Z","related":["ALSA-2024:2394","ALSA-2024:4352","SUSE-SU-2024:2893-1","SUSE-SU-2024:2894-1","SUSE-SU-2024:2902-1","SUSE-SU-2024:2923-1","SUSE-SU-2024:2929-1","SUSE-SU-2024:2939-1","SUSE-SU-2024:2947-1","SUSE-SU-2024:2948-1","SUSE-SU-2024:3249-1","SUSE-SU-2024:3499-1","SUSE-SU-2025:03600-1","SUSE-SU-2025:03613-1","SUSE-SU-2025:03615-1","SUSE-SU-2025:03626-1","SUSE-SU-2025:03628-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:3716-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:3761-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","USN-6818-2","USN-6819-2"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26584.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3ade391adc584f17b5570fd205de3ad029090368"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/26xxx/CVE-2024-26584.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26584"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a54667f6728c2714a400f3c884727da74b6d1717"},{"fixed":"3ade391adc584f17b5570fd205de3ad029090368"},{"fixed":"cd1bbca03f3c1d845ce274c0d0a66de8e5929f72"},{"fixed":"13eca403876bbea3716e82cdfe6f1e6febb38754"},{"fixed":"ab6397f072e5097f267abf5cb08a8004e6b17694"},{"fixed":"8590541473188741055d27b955db0777569438e3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26584.json"}}],"schema_version":"1.7.5"}