CVE-2023-54306

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: tls: avoid hanging tasks on the tx_lock

syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to make forward progress. Thread which took tx_lock and went to sleep may not release tx_lock for hours. Use interruptible sleep where possible and reschedule the work if it can't take the lock.

Testing: existing selftest passes

Affected Software

VendorProductVersion RangeStatus
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < bde541a57b4204d0a800afbbd3d1c06c9cdb133faffected
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < 7123a4337bf73132bbfb5437e4dc83ba864a9a1eaffected
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < be5d5d0637fd88c18ee76024bdb22649a1de00d6affected
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < 1f800f6aae57d2d8f63d32fff383017cbc11cf65affected
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < ccf1ccdc5926907befbe880b562b2a4b5f44c087affected
LinuxLinux79ffe6087e9145d2377385cac48d0d6a6b4225a5 < f3221361dc85d4de22586ce8441ec2c67b454f5daffected
LinuxLinuxc8d6817345f4ba228d07380e571676405e112872affected
LinuxLinux5.3.11 < 5.4affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.4.235 <= 5.4.*unaffected
LinuxLinux5.10.173 <= 5.10.*unaffected
LinuxLinux5.15.100 <= 5.15.*unaffected
LinuxLinux6.1.18 <= 6.1.*unaffected
LinuxLinux6.2.5 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References