=== CVE-2024-26582 backlog-decrypt UAF variant (bypass of 32b55c5) === [variant] cache dir: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf [variant] vulnebusy kernel cached: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-vuln-ebusy [variant] fixed kernel cached: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-final [variant] ebusy kernel cached: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-ebusy [variant] ebusy13114 kernel cached: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-ebusy-13114dc [variant] variant initramfs cached [variant] QEMU: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-vuln-ebusy [variant] QEMU: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-final [variant] QEMU: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-ebusy [variant] QEMU: /data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf/bzImage-ktls-fixed-ebusy-13114dc [variant] RESULTS: [variant] vuln(32b55c5 reverted)+ebusy KASAN=1 (variant on vulnerable) [variant] fixed(32b55c5) no backlog KASAN=0 (baseline) [variant] fixed(32b55c5)+ebusy KASAN=1 (BYPASS on fixed) [variant] fixed(32b55c5)+ebusy+13114dc KASAN=0 (gap closed) [variant] CONFIRMED BYPASS: 32b55c5 (free_sgout) is insufficient under crypto [variant] backlog congestion; the failed-backlog-decryption UAF (13114dc) is [variant] triggered on the FIXED v6.6.18 kernel and closed by 13114dc. [variant] (vuln+ebusy KASAN=1 corroborates the variant on the vulnerable tree.) BYPASS_CONFIRMED