Description

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix easier.

INFO

Published Date :

2025-08-28T09:40:33.466Z

Last Modified :

2025-11-03T17:31:32.503Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-58240 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-58240.

URL Resource
https://git.kernel.org/stable/c/41532b785e9d79636b3815a64ddf6a096647d011 cve-icon cve-icon
https://git.kernel.org/stable/c/48905146d11dbf1ddbb2967319016a83976953f5 cve-icon cve-icon
https://git.kernel.org/stable/c/999115298017a675d8ddf61414fc7a85c89f1186 cve-icon cve-icon
https://git.kernel.org/stable/c/dec5b6e7b211e405d3bcb504562ab21aa7e5a64d cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025082836-CVE-2024-58240-b2b3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-58240 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-58240 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact