CVE-2026-31533

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

The -EBUSY handling in tls_do_encryption(), introduced by commit 859054147318 ("net: tls: handle backlogging of crypto requests"), has a use-after-free due to double cleanup of encrypt_pending and the scatterlist entry.

When crypto_aead_encrypt() returns -EBUSY, the request is enqueued to the cryptd backlog and the async callback tls_encrypt_done() will be invoked upon completion. That callback unconditionally restores the scatterlist entry (sge->offset, sge->length) and decrements ctx->encrypt_pending. However, if tls_encrypt_async_wait() returns an error, the synchronous error path in tls_do_encryption() performs the same cleanup again, double-decrementing encrypt_pending and double-restoring the scatterlist.

The double-decrement corrupts the encrypt_pending sentinel (initialized to 1), making tls_encrypt_async_wait() permanently skip the wait for pending async callbacks. A subsequent sendmsg can then free the tls_rec via bpf_exec_tx_verdict() while a cryptd callback is still pending, resulting in a use-after-free when the callback fires on the freed record.

Fix this by skipping the synchronous cleanup when the -EBUSY async wait returns an error, since the callback has already handled encrypt_pending and sge restoration.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3ade391adc584f17b5570fd205de3ad029090368 < 414fc5e5a5aff776c150f1b86770e0a25a35df3aaffected
LinuxLinuxcd1bbca03f3c1d845ce274c0d0a66de8e5929f72 < 02f3ecadb23558bbe068e6504118f1b712d4ece0affected
LinuxLinux13eca403876bbea3716e82cdfe6f1e6febb38754 < 0e43e0a3c94044acc74b8e0927c27972eb5a59e8affected
LinuxLinux8590541473188741055d27b955db0777569438e3 < aa9facde6c5005205874c37db3fd25799d741bafaffected
LinuxLinux8590541473188741055d27b955db0777569438e3 < 5d70eb25b41e9b010828cd12818b06a0c3b04412affected
LinuxLinux8590541473188741055d27b955db0777569438e3 < 2694d408b0e595024e0fc1d64ff9db0358580f74affected
LinuxLinux8590541473188741055d27b955db0777569438e3 < a9b8b18364fffce4c451e6f6fd218fa4ab646705affected
LinuxLinuxab6397f072e5097f267abf5cb08a8004e6b17694affected
LinuxLinux5.15.160 < 5.15.203affected
LinuxLinux6.1.84 < 6.1.169affected
LinuxLinux6.6.18 < 6.6.135affected
LinuxLinux6.7.6 < 6.8affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.169 <= 6.1.*unaffected
LinuxLinux6.6.135 <= 6.6.*unaffected
LinuxLinux6.12.82 <= 6.12.*unaffected
LinuxLinux6.18.23 <= 6.18.*unaffected
LinuxLinux6.19.13 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References