CVE-2024-58239
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-26
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.8 |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's TLS implementation occurs when recv() handles a non-DATA record on the receive list (rx_list). If a non-DATA record is on rx_list and another record of the same type is still queued, the code incorrectly merges the two. Specifically, process_rx_list copies the non-DATA record; the receive loop then starts and processes the first available record because it is of the same type, and breaks out only after that because the record is not DATA, so both records end up in the same read. This improper handling can lead to unexpected behavior in processing TLS records.
How can this vulnerability impact me?
The vulnerability can cause incorrect processing of TLS records in the Linux kernel, potentially leading to unexpected or erroneous behavior in network communications that rely on TLS. This could affect the reliability or security of encrypted communications handled by the kernel's TLS implementation.