CVE-2024-35908 in Linux
Summary
by MITRE • 05/19/2024
In the Linux kernel, the following vulnerability has been resolved:
tls: get psock ref after taking rxlock to avoid leak
At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference.
Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before.
Analysis
by VulDB Data Team • 09/24/2025
The vulnerability identified as CVE-2024-35908 resides within the Linux kernel's Transport Layer Security implementation, specifically affecting the tls_sw_recvmsg function. This issue represents a subtle but significant memory management flaw that could lead to resource leaks and system instability. The vulnerability occurs in the context of TLS protocol handling where the kernel must manage references to socket structures while processing received data. The problem manifests when tls_sw_recvmsg takes a reference on the psock and then fails to acquire the lock on the TLS receive path (tls_rx_reader_lock): the function returns without releasing that reference.
The technical flaw stems from the improper ordering of operations within the tls_sw_recvmsg function where the kernel first acquires a reference to the psock structure and subsequently attempts to take the rxlock. When the locking operation fails, the code path returns directly without releasing the previously acquired reference, resulting in a reference leak. This memory management error violates fundamental principles of resource acquisition and release, creating a situation where kernel memory structures remain allocated even when they should be freed. The issue is classified under CWE-404, which addresses improper resource management, specifically focusing on resource leaks that occur due to improper reference counting mechanisms.
The operational impact of this vulnerability extends beyond simple memory consumption issues to potentially affect system stability and performance. When multiple TLS connections are established and processed concurrently, the accumulation of leaked references can lead to progressive memory exhaustion, ultimately causing system slowdowns or even kernel oops situations. Attackers who can trigger the specific code path involving tls_sw_recvmsg may be able to amplify the memory leak effect through repeated operations, potentially leading to denial of service conditions. This vulnerability particularly affects systems running Linux kernels that implement software-based TLS processing, making it relevant to web servers, database systems, and any infrastructure that relies heavily on TLS connections.
Mitigation for CVE-2024-35908 consists of applying the upstream kernel patch that reorders the reference acquisition and locking operations. The fix ensures that the psock reference is only taken after the rxlock has been successfully acquired, preventing the scenario where references remain unreleased. System administrators should prioritize applying the patched kernel version as soon as possible, particularly in environments handling high volumes of TLS traffic. The issue maps to ATT&CK technique T1499.004, which involves resource exhaustion attacks: the fix closes a potential vector through which kernel memory resources could be systematically depleted. Organizations should also monitor for unusual memory consumption patterns that might indicate the presence of this vulnerability, and keep their kernel components patched to prevent exploitation of similar reference counting issues.
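The ordering flaw in tls_sw_recvmsg and the reordering fix described above, as a small user-space C model. This is an added example, not the kernel's source: every model_* name, the refcount struct and the -EAGAIN return value are assumptions made for illustration.

```c
/* User-space model (constructed); model_* names are hypothetical, not kernel code. */
#include <errno.h>
#include <stdio.h>
struct model_psock { int refcnt; };
struct model_sock  { struct model_psock psock; int lock_fails; };
static struct model_psock *model_psock_get(struct model_psock *p) { p->refcnt++; return p; }
static void model_psock_put(struct model_psock *p) { p->refcnt--; }

/* Stand-in for tls_rx_reader_lock(); -EAGAIN is a value chosen for the model. */
static int model_rx_lock(struct model_sock *sk) { return sk->lock_fails ? -EAGAIN : 0; }
static void model_rx_unlock(struct model_sock *sk) { (void)sk; }

/* Pre-fix ordering: reference first, then lock, early return on failure. */
static int model_recvmsg_prefix(struct model_sock *sk)
{
    struct model_psock *psock = model_psock_get(&sk->psock);
    int err = model_rx_lock(sk);
    if (err < 0)
        return err;          /* psock reference is never dropped */
    model_rx_unlock(sk);     /* the receive path would run before this */
    model_psock_put(psock);
    return 0;
}

/* Post-fix ordering: lock first, take the reference only once it is held. */
static int model_recvmsg_fixed(struct model_sock *sk)
{
    int err = model_rx_lock(sk);
    if (err < 0)
        return err;          /* nothing acquired yet, nothing to undo */
    struct model_psock *psock = model_psock_get(&sk->psock);
    model_rx_unlock(sk);
    model_psock_put(psock);
    return 0;
}

/* References left behind after n calls on one model socket. */
static int model_leaked_refs(int (*fn)(struct model_sock *), int n, int lock_fails)
{
    struct model_sock sk = { .psock = { .refcnt = 1 }, .lock_fails = lock_fails };
    for (int i = 0; i < n; i++) fn(&sk);
    return sk.psock.refcnt - 1;
}

int main(void)
{
    printf("leaked refs after 1000 failed locks: pre-fix=%d fixed=%d\n",
           model_leaked_refs(model_recvmsg_prefix, 1000, 1),
           model_leaked_refs(model_recvmsg_fixed, 1000, 1));
    return 0;
}
```

In the model, each failed lock under the pre-fix ordering leaves the reference count one higher than it started, while the fixed ordering leaves it unchanged.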