CVE-2024-58239 – “Linux TLS Merger Vulnerability”

CVE ID : CVE-2024-58239

Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 11 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

tls: stop recv() if initial process_rx_list gave us non-DATA

If we have a non-DATA record on the rx_list and another record of the
same type still on the queue, we will end up merging them:
– process_rx_list copies the non-DATA record
– we start the loop and process the first available record since it’s
of the same type
– we break out of the loop since the record was not DATA

Just check the record type and jump to the end in case process_rx_list
did some work.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…