CVE-2024-58239
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list copies the non-DATA record - we start the loop and process the first available record since it's of the same type - we break out of the loop since the record was not DATA Just check the record type and jump to the end in case process_rx_list did some work.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-15
NVD
CVE-2024-58239
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel 6.8
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's TLS implementation occurs when the recv() function processes a non-DATA record on the receive list (rx_list). If there is a non-DATA record and another record of the same type still queued, the code merges them incorrectly. Specifically, process_rx_list copies the non-DATA record, then processing starts on the first available record of the same type, but the loop breaks early because the record is not DATA. This improper handling can lead to unexpected behavior in processing TLS records.

Impact Analysis

The vulnerability can cause incorrect processing of TLS records in the Linux kernel, potentially leading to unexpected or erroneous behavior in network communications that rely on TLS. This could affect the reliability or security of encrypted communications handled by the kernel's TLS implementation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart