do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 4.13 (including) | 5.4.240 (including) |
Linux_kernel | Linux | 5.5 (including) | 5.10.177 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.15.105 (excluding) |
Linux_kernel | Linux | 5.16 (including) | 6.1.20 (excluding) |
Linux_kernel | Linux | 6.2 (including) | 6.2.7 (excluding) |