net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

commit 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 upstream.

ctx-> is not protected by lock_sock in
do_tls_getsockopt_conf(). A race condition between do_tls_getsockopt_conf()
and error paths of do_tls_setsockopt_conf() may lead to a use-after-free
or null-deref.

More discussion:

RELEASE_NOTE=Fixes CVE-2023-28466 in the Linux kernel.

Fixes: 3c4d7559159b ("tls: kernel TLS support")
Signed-off-by: Hangyu Hua <>
Signed-off-by: Jakub Kicinski <>
Signed-off-by: Meena Shanmugam <>

cos-patch: security-high
Change-Id: I70e2f7e38583ec2508493584516dfd793080bab6
Reviewed-by: Oleksandr Tymoshenko <>
Main-Branch-Verified: Cusky Presubmit Bot <>
Tested-by: Cusky Presubmit Bot <>
1 file changed