do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
Published: 2023-03-16T00:15:11.563
Last modified: 2025-05-05T16:15:34.003
Status: Modified
CVSSv3.1: 7.0 (HIGH)

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | ≤ 5.4.240 | Yes |
| Operating System | linux | linux_kernel | < 5.10.177 | Yes |
| Operating System | linux | linux_kernel | < 5.15.105 | Yes |
| Operating System | linux | linux_kernel | < 6.1.20 | Yes |
| Operating System | linux | linux_kernel | < 6.2.7 | Yes |
| Hardware | netapp | h300s | - | Yes |
| Hardware | netapp | h410c | - | Yes |
| Hardware | netapp | h410s | - | Yes |
| Hardware | netapp | h500s | - | Yes |
| Hardware | netapp | h700s | - | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |