CVE-2024-26582 (CVSS 8.4): Linux Kernel Code Execution Vulnerability

CVE-2024-26582

A high-severity vulnerability, designated CVE-2024-26582, has been discovered within the Transport Layer Security (TLS) subsystem of the Linux kernel. This flaw stems from a use-after-free error in the way kTLS (the kernel’s TLS implementation) handles memory, potentially allowing attackers to execute arbitrary code on vulnerable systems.

kTLS, an integral component of the Linux kernel, serves as the linchpin for encryption and decryption, safeguarding the payload of communications. It ensures that every message remains untainted and authentic through the use of Message Authentication Codes (MACs).

The vulnerability exists in the tls_decrypt_sg() function. A failure to properly manage references to memory pages leads to their premature release by put_page() in tls_decrypt_done(). As a result, process_rx_list may attempt to read from a partially read data structure (skb), triggering the use-after-free condition.

Successful exploitation of CVE-2024-26582 (CVSS 8.4) could result in a denial-of-service (DoS) condition or, in the most severe cases, remote code execution. This grants attackers the ability to take control of affected systems.

Linux kernels from version 6.0 (where the flaw was introduced) up to 6.8-rc4 are vulnerable. Immediate patching to the latest stable kernel version is strongly advised. The fix is included in kernel version 6.8-rc5 and later.

If a full upgrade is not feasible, individual patches can be found in the commits. However, proceed with extreme caution, as this approach is not ideal.

Given the severity of CVE-2024-26582, system administrators and security teams responsible for Linux systems should prioritize the following:

  • Apply the patch as soon as possible.
  • Monitor systems for unusual activity that could signal attempted exploitation.
  • Maintain vigilance regarding future kernel updates to address ongoing security threats.