Vulnerability in the Linux Kernel Affecting TLS Implementation
CVE-2024-58240

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 August 2025

What is CVE-2024-58240?

In the Linux kernel, a vulnerability was identified within the TLS implementation that involves handling of asynchronous decryption requests. The recent changes streamline the processing of non-asynchronous requests by eliminating unnecessary reference counting, thus simplifying the handling process. With appropriate synchronization mechanisms in place, the risk of potential race conditions—it was previously mitigated—has been reduced, making subsequent fixes more manageable. This vulnerability emphasizes the importance of efficient handling in encryption protocols within the kernel to enhance overall system security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 999115298017a675d8ddf61414fc7a85c89f1186

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 41532b785e9d79636b3815a64ddf6a096647d011

References

https://git.kernel.org/stable/c/dec5b6e7b211e405d3bcb5045...

https://git.kernel.org/stable/c/999115298017a675d8ddf6141...

https://git.kernel.org/stable/c/41532b785e9d79636b3815a64...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Apr 16, 2025