retired/CVE-2023-6176


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Description: net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
References:
Notes:
 carnil> Commit fixes 635d93981786 ("net/tls: free record only on
 carnil> encryption error") in 5.7-rc7 (and backported to 5.4.44 and
 carnil> 5.6.16).
Bugs:
upstream: released (6.6-rc2) [cfaa80c91f6f99b9342b6557f0f0e1143e434066]
6.1-upstream-stable: released (6.1.54) [7f4116c6f98412a6e29ace6d6a7b41ebb4e8a392]
5.10-upstream-stable: released (5.10.195) [a5096cc6e7836711541b7cd2d6da48d36fe420e9]
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.5.6-1)
6.1-bookworm-security: released (6.1.55-1)
5.10-bullseye-security: released (5.10.197-1)
4.19-buster-security: N/A "Vulnerable code not present"