CVE-2024-58240
Published Aug 28, 2025
Last updated 11 days ago
Linux Kernel
AI description
Automated description summarized from trusted sources.
CVE-2024-58240 is a vulnerability in the Linux kernel's TLS subsystem related to how it handles non-asynchronous decryption requests. The vulnerability stems from the handling process when asynchronous operations are not in use. In these cases, the process is simplified, and reference counting is omitted, with the system only needing to wait for completion to wake up and return the result. The resolution involves using a separate crypto_wait for non-async operations. This issue was addressed in August 2025, and patches have been made available for the Linux kernel. System administrators are advised to apply the latest kernel updates to mitigate the vulnerability.
- Description
- In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix easier.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending