CVE-2026-23414
Received Received - Intake
Memory Leak in Linux Kernel TLS Async Decryption Component

Publication date: 2026-04-02

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decrypt_async_wait() returns, every AEAD operation has completed and the engine no longer references those skbs, so they can be freed unconditionally. A subsequent patch adds batch async decryption to tls_sw_read_sock(), introducing a new call site that must drain pending AEAD operations and release held skbs. Move __skb_queue_purge(&ctx->async_hold) into tls_decrypt_async_wait() so the purge is centralized and every caller -- recvmsg's drain path, the -EBUSY fallback in tls_do_decryption(), and the new read_sock batch path -- releases held skbs on synchronization without each site managing the purge independently. This fixes a leak when tls_strp_msg_hold() fails part-way through, after having added some cloned skbs to the async_hold queue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to process all pending decrypts, and drop back to synchronous mode, but tls_sw_recvmsg() only flushes the async_hold queue when one record has been processed in "fully-async" mode, which may not be the case here. [[email protected]: added leak comment]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23414
EUVD
EUVD-2026-18195
Affected Vendors & Products
Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.18
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.11 (exc)
linux linux_kernel From 6.1.158 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.12.55 (inc) to 6.12.80 (exc)
linux linux_kernel From 6.17.5 (inc) to 6.18 (exc)
linux linux_kernel From 6.18.1 (inc) to 6.18.21 (exc)
linux linux_kernel From 6.6.114 (inc) to 6.6.131 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is fixed by a patch in the Linux kernel that purges the async_hold queue in tls_decrypt_async_wait(), ensuring that held skbs are released properly and preventing memory leaks.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Impact Analysis

This vulnerability can cause a memory leak in the Linux kernel's TLS processing. Over time, this leak could lead to increased memory usage, potentially degrading system performance or causing resource exhaustion. In environments with heavy TLS traffic, this might result in slower response times or even system instability if memory resources become critically low.

Executive Summary

This vulnerability involves a memory leak in the Linux kernel's TLS (Transport Layer Security) implementation. Specifically, the async_hold queue, which holds encrypted input socket buffers (skbs) during asynchronous AEAD (Authenticated Encryption with Associated Data) operations, was not always properly purged. When tls_strp_msg_hold() fails part-way after adding cloned skbs to the async_hold queue, these skbs were not released correctly because tls_sw_recvmsg() only flushed the queue under certain conditions. This could lead to a resource leak where memory buffers remain allocated longer than necessary.

The fix centralizes the purging of the async_hold queue inside the tls_decrypt_async_wait() function, ensuring that all callers release held skbs properly after AEAD operations complete, preventing the leak.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23414. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart