CVE-2024-58240: Use After Free in Linux

CWE-416: Use After Free | 7 documents | 7 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 95.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 28

Description

In the Linux kernel, the following vulnerability has been resolved:

tls: separate no-async decryption request handling from async

If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will m

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD | linux/linux_kernel | 4.13 | 6.1.149 | +3
Debian | linux/linux_kernel | < 6.1.153-1 | +2
CVEListV5 | linux/linux | 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 | 48905146d11dbf1ddbb2967319016a83976953f5 | +4

Also affects: Debian Linux 11.0

Patches

🔴 Vulnerability Details (3)

OSV (2025-08-28)
CVE-2024-58240: In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing a
CVEList (2025-08-28)
tls: separate no-async decryption request handling from async
GHSA (2025-08-28)
GHSA-fpx7-665w-c5c9: In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing

📋 Vendor Advisories (3)

Red Hat (2025-08-28)
kernel: tls: separate no-async decryption request handling from async
Microsoft (2025-08-12)
tls: separate no-async decryption request handling from async
Debian (2024)
CVE-2024-58240: linux - In the Linux kernel, the following vulnerability has been resolved: tls: separa...