Linux Kernel Vulnerability in TLS Processing Affects Multiple Distributions
CVE-2024-58239
What is CVE-2024-58239?
A vulnerability in the Linux kernel's TLS processing could lead to improper handling of certain types of incoming records. Specifically, when the process_rx_list function encounters a non-DATA record on the reception list, it may inadvertently merge that record with other records still queued for processing. This flaw can disrupt the intended data flow, potentially allowing further records of the same type to be processed incorrectly. Addressing it requires stricter validation of the record type, so that each record is handled according to its type and unintended merging and the resulting processing errors are prevented.
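A simplified user-space model of the flaw described above, added here as an illustration and not taken from the kernel source. The names rec, drain and model_recv are hypothetical and the records are constructed; the model assumes the reception list is served before the queue and that a non-DATA record is meant to be delivered on its own.

```c
#include <stdio.h>
#include <string.h>

#define REC_ALERT 21 /* TLS content type: alert (non-DATA) */
#define REC_DATA  23 /* TLS content type: application_data */

struct rec { unsigned char type; const char *payload; };

/* Copy records of one type into out; a non-DATA record always ends the run. */
static size_t drain(const struct rec *r, size_t n, unsigned char *ctype,
                    char *out, size_t cap, size_t copied)
{
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(r[i].payload);
        if (*ctype == 0)
            *ctype = r[i].type;          /* first record fixes the type */
        if (r[i].type != *ctype || copied + len > cap)
            break;
        memcpy(out + copied, r[i].payload, len);
        copied += len;
        if (r[i].type != REC_DATA)
            break;                       /* control records are not coalesced */
    }
    return copied;
}

/* One modelled recv(): reception list first, then the queue of pending records. */
static size_t model_recv(const struct rec *rx_list, size_t n_list,
                         const struct rec *queue, size_t n_queue,
                         int type_check, char *out, size_t cap)
{
    unsigned char ctype = 0;
    size_t copied = drain(rx_list, n_list, &ctype, out, cap, 0);

    /* Stricter check: the list already delivered a non-DATA record, so stop. */
    if (type_check && copied > 0 && ctype != REC_DATA)
        return copied;
    return drain(queue, n_queue, &ctype, out, cap, copied);
}

int main(void)
{
    const struct rec list[] = { { REC_ALERT, "A1" } };  /* constructed */
    const struct rec queue[] = { { REC_ALERT, "A2" } }; /* constructed */
    char buf[16];

    printf("unchecked: %zu bytes\n", model_recv(list, 1, queue, 1, 0, buf, sizeof buf));
    printf("checked:   %zu bytes\n", model_recv(list, 1, queue, 1, 1, buf, sizeof buf));
    return 0;
}
```

Without the check the two alert records come back as a single 4-byte read; with it the read ends after the first record, while consecutive DATA records are still coalesced.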
Affected Version(s)
Linux 692d7b5d1f9125a1cf0595e979e3b5fb7210547e
Linux 692d7b5d1f9125a1cf0595e979e3b5fb7210547e < 31e10d6cb0c9532ff070cf50da1657c3acee9276
Linux 692d7b5d1f9125a1cf0595e979e3b5fb7210547e < 4338032aa90bd1d5b33a4274e8fa8347cda5ee09