-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Server Security
-
Fully Compatible
-
Security 2023-05-01, Security 2023-05-15, Security 2023-05-29, Security 2023-06-12
-
8
RHEL 8's FIPS-compliant libcrypto.so library has a possible deadlock that is getting caught by TSAN. The potential deadlock appears to manifest during SSL context initialization and is only triggered when FIPS mode is enabled. Since the calling code occurs within a MONGO_INITIALIZER, which executes in a single-threaded context, and the bug itself is in third-party library code, we can avoid these BFs by simply preventing FIPS tests from running on TSAN builders.