CVE-2024-58239 in Linuxinfo

Summary

by MITRE • 08/22/2025

In the Linux kernel, the following vulnerability has been resolved:

tls: stop recv() if initial process_rx_list gave us non-DATA

If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list copies the non-DATA record - we start the loop and process the first available record since it's of the same type - we break out of the loop since the record was not DATA

Just check the record type and jump to the end in case process_rx_list did some work.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 05/28/2026

The vulnerability identified as CVE-2024-58239 resides within the Linux kernel's Transport Layer Security implementation, specifically affecting the TLS protocol handling mechanisms. This flaw manifests in the tls subsystem where the kernel processes received TLS records through the process_rx_list function. The issue occurs during the processing of incoming TLS traffic where the system maintains a receive list of records that need to be processed. When the system encounters a non-DATA record within this receive list, it creates a scenario where subsequent processing logic fails to properly handle the record type distinction, leading to potential operational disruptions.

The technical root cause of this vulnerability stems from improper handling of record type checking within the TLS receive processing loop. When process_rx_list function processes records and encounters a non-DATA record, the system continues to iterate through the queue even when subsequent records of the same type remain. This creates a condition where records are inadvertently merged or processed incorrectly, particularly when the system should terminate processing upon encountering non-DATA records. The flaw represents a classic state management issue where the system fails to properly validate record types before proceeding with processing operations, violating fundamental principles of protocol compliance and data integrity.

The operational impact of this vulnerability extends beyond simple protocol handling failures, potentially creating security risks through protocol manipulation or denial of service conditions. Attackers could exploit this weakness by crafting specific TLS traffic patterns that trigger the flawed record processing logic, potentially causing the kernel to behave unpredictably during TLS session processing. This vulnerability affects systems that rely on Linux kernel TLS implementations for secure communications, particularly impacting network services that handle substantial TLS traffic. The issue could lead to connection disruptions, data corruption, or in worst-case scenarios, potential information disclosure through improper TLS record handling.

This vulnerability aligns with CWE-129, which addresses improper handling of record types in cryptographic protocols, and demonstrates characteristics consistent with ATT&CK technique T1566 related to credential access through protocol manipulation. The fix implemented addresses the core issue by adding explicit record type checking that causes the processing loop to terminate immediately when process_rx_list has performed work on non-DATA records. This approach prevents the merging or incorrect processing of records while maintaining the integrity of the TLS protocol stack. The mitigation strategy focuses on proper state validation before continuing processing, ensuring that non-DATA records are handled appropriately without allowing the system to proceed with potentially incompatible record types.

Security practitioners should prioritize patching systems running affected Linux kernel versions to prevent exploitation of this vulnerability. The fix represents a defensive programming approach that prevents state corruption during TLS processing and aligns with security best practices for protocol implementation. Organizations maintaining TLS-enabled services should monitor their kernel versions and apply the patch as soon as possible, as this vulnerability could potentially be leveraged in attacks targeting TLS session integrity or availability. The resolution demonstrates the importance of proper protocol state management in cryptographic implementations and highlights the critical nature of thorough testing for edge cases in security-sensitive kernel code.

Responsible

Linux

Reservation

04/16/2025

Disclosure

08/22/2025

Moderation

accepted

CPE

ready

EPSS

0.00175

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!