CVE-2024-26800 Overview
CVE-2024-26800 is a use-after-free vulnerability [CWE-416] in the Linux kernel's Transport Layer Security (TLS) subsystem. The flaw resides in the tls_decrypt_sg error path when handling failed backlog decryption requests. When crypto_aead_decrypt returns -EBUSY, the kernel waits for the pending async decryptions to complete. If one of them fails with -EBADMSG, the error path attempts to release pages that the async callback tls_decrypt_done has already freed.
The vulnerability affects Linux kernel versions including the 6.8 release candidates (rc1 through rc6) and earlier stable branches. A local attacker can leverage this flaw to corrupt kernel memory and potentially escalate privileges.
Critical Impact
Local attackers can trigger memory corruption in the kernel TLS subsystem, leading to potential privilege escalation, denial of service, or arbitrary code execution in kernel context.
Affected Products
- Linux Kernel 6.8-rc1 through 6.8-rc6
- Linux Kernel stable branches prior to commits 13114dc5, 1ac9fb84, 81be8535, and f2b85a4c
- Systems with kernel TLS (kTLS) enabled and using async crypto backends
Discovery Timeline
- 2024-04-04 - CVE-2024-26800 published to NVD
- 2025-12-11 - Last updated in NVD database
Technical Details for CVE-2024-26800
Vulnerability Analysis
The vulnerability stems from incorrect handling of the -EBUSY return code in tls_do_decryption. The kernel TLS implementation supports asynchronous decryption through the crypto API. When a request is queued in the backlog, crypto_aead_decrypt returns -EBUSY and the function waits for all pending async decryptions to complete.
If any of the queued decryptions fail, tls_do_decryption returns -EBADMSG. The caller tls_decrypt_sg then jumps to its error path and attempts to release the scatter-gather pages associated with the request. These pages were already freed by tls_decrypt_done, the async completion callback, creating a use-after-free condition.
Root Cause
The root cause is conflation of two distinct async behaviors. Only the -EINPROGRESS return code represents a true asynchronous operation where memory ownership transfers to the callback. The -EBUSY case involves waiting synchronously after queuing, but the callback still runs and releases memory. Without a flag distinguishing these cases, the error path double-frees the pages.
Attack Vector
Exploitation requires local access with the ability to open TLS sockets and trigger backlogged crypto operations under load. An attacker manipulates the crypto backlog state to force -EBUSY returns, then induces a decryption failure to trigger the error path. The resulting use-after-free corrupts kernel page allocator metadata and can be shaped into privilege escalation primitives.
The fix introduces an ->async_done flag to notify tls_decrypt_sg that the callback has already released memory, preventing the double-free on the error path. The corrected logic also signals tls_sw_recvmsg that data is available for immediate copy in the -EBUSY case.
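The root cause and the fix described above, as an added example that is not kernel code and not part of the original advisory: a constructed user-space model in which the -EBUSY wait runs the completion callback, the unpatched error path releases the pages a second time, and the async_done flag from the fix suppresses that second release. All function and struct names are stand-ins for the net/tls/tls_sw.c routines named in the text.

```c
/* Constructed model of the CVE-2024-26800 error path, not kernel code: the
 * functions stand in for tls_decrypt_done, tls_decrypt_async_wait,
 * tls_do_decryption and tls_decrypt_sg in net/tls/tls_sw.c. Page releases
 * are counted rather than freed so the double release can be observed. */
#include <errno.h>
#include <stdbool.h>

struct pages { int releases; };
struct decrypt_req {
    struct pages *sg;
    int  backlog_err;  /* 0 or EBADMSG: how the backlogged request completes */
    bool async_done;   /* fix: the completion already released sg */
};

static void release_pages(struct pages *p) { p->releases++; }

/* Completion callback (tls_decrypt_done): owns the pages and releases them
 * whether the decryption succeeded or failed. */
static void decrypt_done(struct decrypt_req *req) { release_pages(req->sg); }

/* tls_decrypt_async_wait: draining the backlog runs the callback; the result
 * is whether any queued decryption failed. */
static int async_wait(struct decrypt_req *req)
{
    decrypt_done(req);
    return req->backlog_err ? -EBADMSG : 0;
}

/* tls_do_decryption after crypto_aead_decrypt() returned -EBUSY: wait for the
 * backlog. The fix sets async_done here because the callback has already run
 * by the time the wait returns, so the pages are gone. */
static int do_decryption(struct decrypt_req *req, bool fixed)
{
    int ret = async_wait(req);
    if (fixed)
        req->async_done = true;
    return ret;
}

/* tls_decrypt_sg: returns the number of page releases. 2 is the double free
 * of the vulnerable error path, 1 is the correct count. */
static int decrypt_sg(bool fixed, int backlog_err)
{
    struct pages sg = { 0 };
    struct decrypt_req req = { &sg, backlog_err, false };
    int err = do_decryption(&req, fixed);

    if (err < 0 && !req.async_done)  /* unpatched: flag never set, free again */
        release_pages(&sg);
    return sg.releases;
}
```

Calling decrypt_sg(false, EBADMSG) reports two releases (the double free); decrypt_sg(true, EBADMSG) and the success cases report one.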
Detection Methods for CVE-2024-26800
Indicators of Compromise
- Kernel oops or panic messages referencing tls_decrypt_sg, tls_decrypt_done, or tls_do_decryption in dmesg output
- KASAN reports flagging use-after-free in net/tls/tls_sw.c page handling code
- Unexpected process termination on TLS-enabled sockets with async crypto backends
- Page allocator corruption warnings (BUG: Bad page state) on systems using kTLS
Detection Strategies
- Enable kernel address sanitizer (KASAN) builds in test environments to catch the use-after-free at runtime
- Audit running kernel versions against patched commits 13114dc5, 1ac9fb84, 81be8535, and f2b85a4c
- Monitor for processes invoking setsockopt with TLS_TX/TLS_RX options on kernels without the fix
- Correlate crash dumps and kernel logs across endpoints to identify clusters of TLS-related faults
Monitoring Recommendations
- Collect and centralize dmesg and /var/log/kern.log entries referencing TLS subsystem functions
- Track loaded crypto modules (tcrypt, cryptd) on production hosts where kTLS is enabled
- Alert on repeated kernel warnings from net/tls/ source paths
- Inventory hosts running affected 6.8-rc kernels and stable branches still on vulnerable revisions
How to Mitigate CVE-2024-26800
Immediate Actions Required
- Apply the upstream kernel patches identified by commits 13114dc5543069f7b97991e3b79937b6da05f5b0, 1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1, 81be85353b0f5a7b660635634b655329b429eefe, and f2b85a4cc763841843de693bbd7308fe9a2c4c89
- Update to a distribution kernel package that backports the TLS use-after-free fix
- Restrict local access on multi-tenant systems until patches are deployed
- Audit applications using kernel TLS offload to confirm patched kernel versions
Patch Information
The Linux kernel maintainers have merged the fix across stable branches. See the upstream commits 13114dc5, 1ac9fb84, 81be8535, and f2b85a4c. The fix introduces an ->async_done flag to disambiguate between true async (-EINPROGRESS) and backlogged-and-waited (-EBUSY) crypto operations.
Workarounds
- Disable kernel TLS by unloading the tls module where the feature is not required: modprobe -r tls
- Avoid configuring async crypto backends for TLS sockets on unpatched kernels
- Limit kTLS use to trusted local users and contained workloads until patching completes
# Verify kernel version and check for TLS module exposure
uname -r
lsmod | grep -E '^tls'
# Optional: prevent automatic loading of the tls module
echo 'blacklist tls' | sudo tee /etc/modprobe.d/disable-tls.conf
sudo update-initramfs -u
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.