{
  "repository": "torvalds/linux",
  "commit_source": "release_tag_resolution",
  "commit_sha": "v6.6.18",
  "submitted_target": {
    "target_kind": "linux_kernel_source",
    "commit_sha": "32b55c5ff9103b8508c1e04bfa5a08c64e7a925f",
    "version": "6.6.18",
    "ref": "v6.6.18",
    "display": "Linux v6.6.18 with CVE-2024-26582 fix 32b55c5 (free_sgout)"
  },
  "variant_target": {
    "target_kind": "linux_kernel_source",
    "commit_sha": "v6.6.18",
    "version": "6.6.18",
    "ref": "v6.6.18 + ebusy_force.patch (32b55c5 present, 13114dc absent)",
    "display": "Linux v6.6.18 (free_sgout present, async_done absent) + ebusy_force.patch (bypass kernel, build #8)"
  },
  "source_origin": "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.6.18.tar.xz",
  "kernel_version_string": "Linux version 6.6.18 (vscode@2d5e7a9675e0) (gcc (Ubuntu 15.2.0-16ubuntu1) 15.2.0, GNU ld (GNU Binutils for Ubuntu) 2.46) #8 SMP PREEMPT_DYNAMIC Tue Jul  7 14:33:46 UTC 2026",
  "makefile_version": {
    "VERSION": "6",
    "PATCHLEVEL": "6",
    "SUBLEVEL": "18",
    "EXTRAVERSION": ""
  },
  "patches_applied_to_base": [
    "repro: GCC15 compat (arch/x86/Makefile, arch/x86/boot/compressed/Makefile, drivers/firmware/efi/libstub/Makefile)",
    "repro: crypto/simd.c force-async (if (1 || !crypto_simd_usable) -> always defer to cryptd) simulating an async/hardware crypto accelerator",
    "repro: KASAN-generic-inline + page_poisoning .config (CONFIG_TLS, CONFIG_KASAN, CONFIG_CRYPTO_CRYPTD/SIMD/GCM/AES/AES_NI_INTEL, CONFIG_PAGE_POISONING, ...)",
    "variant: ebusy_force.patch -> tls_do_decryption forces -EINPROGRESS to -EBUSY for async decrypts (simulates crypto backlog congestion)",
    "variant(gap-closure kernel only): apply_fix13114dc.py -> adapts upstream 13114dc (async_done) to v6.6.18"
  ],
  "fix_presence": {
    "32b55c5_free_sgout": "present (tls_sw.c:66 bool free_sgout; tls_sw.c:227 if (dctx->free_sgout); tls_sw.c:1585 dctx->free_sgout = !!pages)",
    "13114dc_async_done": "absent (grep -c async_done net/tls/tls_sw.c.orig == 0)",
    "859054147318_backlog_handling": "present (tls_do_decryption -EBUSY block at tls_sw.c:283-291)"
  },
  "notes": "The tested base is the kernel.org v6.6.18 release tarball (no git metadata in the extract), so the exact upstream commit SHA was resolved by release-tag resolution (v6.6.18) rather than git rev-parse. The bypass kernel (build #8) is v6.6.18 + repro instrumentation + ebusy_force.patch; it contains 32b55c5 (the ticket fix) but NOT 13114dc, which is the gap this variant exploits. The gap-closure kernel (build #9) additionally applies an adaptation of 13114dc and shows no UAF. The shared source tree is restored to pristine (tls_sw.c.orig) after every variant build."
}
