Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list copies the non-DATA record - we start the loop and process the first available record since it's of the same type - we break out of the loop since the record was not DATA Just check the record type and jump to the end in case process_rx_list did some work.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.1, < 5.4.270 |
References
- https://git.kernel.org/stable/c/31e10d6cb0c9532ff070cf50da1657c3acee9276Patch
- https://git.kernel.org/stable/c/3b952d8fdfcf6fd8ea0b8954bc9277642cf0977fPatch
- https://git.kernel.org/stable/c/4338032aa90bd1d5b33a4274e8fa8347cda5ee09Patch
- https://git.kernel.org/stable/c/6756168add1c6c3ef1c32c335bb843a5d1f99a75Patch
- https://git.kernel.org/stable/c/a4ed943882a8fc057ea5a67643314245e048bbddPatch
- https://git.kernel.org/stable/c/f310143961e2d9a0479fca117ce869f8aaecc140Patch
- https://git.kernel.org/stable/c/fdfbaec5923d9359698cbb286bc0deadbb717504Patch
FAQ
What is CVE-2024-58239?
CVE-2024-58239 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the...
How severe is CVE-2024-58239?
CVE-2024-58239 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-58239?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.