Description
[REJECTED CVE] A vulnerability was identified in the net/tls module of the Linux kernel where the tls_sk_proto_close() function could be executed repeatedly during socket teardown due to improper protocol pointer handling in tls_update(). This recursive invocation could lead to a NULL pointer dereference and kernel panic. An attacker exploiting this flaw could potentially trigger a denial of service by forcing repeated close operations on a crafted TLS socket.
Report
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025022623-REJECTED-7011@gregkh/
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Will not fix | ||
Additional information
Status:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2347907 kernel: net/tls: fix tls_sk_proto_close executed repeatedly
5.5 Medium
CVSS3
Related vulnerabilities
nvd
12 months ago
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5 Medium
CVSS3