{
  "threat_severity" : "Moderate",
  "public_date" : "2025-08-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: tls: stop recv() if initial process_rx_list gave us non-DATA",
    "id" : "2390320",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2390320"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-241",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ntls: stop recv() if initial process_rx_list gave us non-DATA\nIf we have a non-DATA record on the rx_list and another record of the\nsame type still on the queue, we will end up merging them:\n- process_rx_list copies the non-DATA record\n- we start the loop and process the first available record since it's\nof the same type\n- we break out of the loop since the record was not DATA\nJust check the record type and jump to the end in case process_rx_list\ndid some work." ],
  "statement" : "The kernel TLS (kTLS) receive path could mistakenly continue processing after process_rx_list() had already copied a non-DATA record. If another record of the same type was still on the queue, the two adjacent control records were merged into a single recv() result, giving the caller inconsistent record semantics. The fix makes recvmsg() stop immediately if the first processed record isn’t application data, preventing TLS alert/handshake records from being misinterpreted as data flow. Exploitation requires kTLS to be enabled and carefully crafted record sequencing, so the practical impact is limited to minor DoS of a TLS socket rather than confidentiality or integrity compromise.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-58239\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58239\nhttps://lore.kernel.org/linux-cve-announce/2025082210-CVE-2024-58239-dd4f@gregkh/T" ],
  "name" : "CVE-2024-58239",
  "csaw" : false
}