CVE-2024-26583: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-26583 is a race condition vulnerability discovered in the TLS subsystem of the Linux kernel. The vulnerability affects Linux kernel versions from 5.7.0 up to (excluding) 6.1.79, from 6.2.0 up to (excluding) 6.6.18, and from 6.7.0 up to (excluding) 6.7.6. The issue occurs when a submitting thread that calls recvmsg/sendmsg may exit as soon as the async crypto handler calls complete(), potentially leading to accessing already freed data (NVD).

The vulnerability is a race condition in the TLS subsystem where the submitting thread may exit prematurely after the async crypto handler calls complete(), risking access to freed memory. The fix involves removing locking and extra flags, implementing an extra reference hold by the main thread, and relying solely on atomic reference counter for synchronization. The vulnerability has been assigned a CVSS v3.1 base score of 4.7 (Medium) with vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to system instability or crashes due to accessing freed memory. The CVSS scoring indicates that while the vulnerability requires local access and is complex to exploit, it could result in high availability impact to the affected system (NVD).

The vulnerability has been patched in the Linux kernel. The fix involves modifying the TLS subsystem to prevent the race condition by implementing proper synchronization using atomic reference counting. Users should upgrade to kernel versions 6.1.79, 6.6.18, or 6.7.6 or later, depending on their kernel branch (Kernel Patch).