{"id":"CVE-2024-40983","summary":"tipc: force a dst refcount before doing decryption","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb's destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n  [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n  [] Workqueue: crypto cryptd_queue_worker\n  [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n  [] Call Trace:\n  [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n  [] tipc_rcv+0xcf5/0x1060 [tipc]\n  [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n  [] cryptd_aead_crypt+0xdb/0x190\n  [] cryptd_queue_worker+0xed/0x190\n  [] process_one_work+0x93d/0x17e0","modified":"2026-04-02T12:17:23.625871Z","published":"2024-07-12T12:33:57.263Z","related":["ALSA-2024:5928","ALSA-2024:8856","ALSA-2024:8870","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40983.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"},{"type":"WEB","url":"https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40983.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40983"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fc1b6d6de2208774efd2a20bf0daddb02d18b1e0"},{"fixed":"3eb1b39627892c4e26cb0162b75725aa5fcc60c8"},{"fixed":"692803b39a36e63ac73208e0a3769ae6a2f9bc76"},{"fixed":"623c90d86a61e3780f682b32928af469c66ec4c2"},{"fixed":"b57a4a2dc8746cea58a922ebe31b6aa629d69d93"},{"fixed":"6808b41371670c51feea14f63ade211e78100930"},{"fixed":"2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40983.json"}}],"schema_version":"1.7.5"}