LiveActive security incident?Get immediate response
CVE Record

CVE-2024-58240: tls: separate no-async decryption request handling from async

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We should preferably also use a separate crypto_wait. I'm not seeing a UAF as I did in the past, I think aec7961916f3 ("tls: fix race between async notify and socket close") took care of it. This will make the next fix easier.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2024-58240 is a Linux kernel TLS handling issue. The public record says kernel TLS decryption handling was corrected, but it does not provide CVSS, CWE, attacker requirements, or a clear business impact. Treat this as a kernel maintenance exposure requiring vendor patch tracking, not as confirmed active exploitation.

Executive priority

Set priority to monitored patch management. Escalate if affected kernels support externally exposed services or vendor advisories later assign meaningful impact. Current public evidence is incomplete and does not justify emergency response by itself.

Technical view

The fix separates synchronous, no-async TLS decryption request handling from async handling. The description says the simpler path should wait for completion and return its result without reference counting. It also notes no observed use-after-free in this change, likely due to an earlier race fix.

Likely exposure

Exposure is likely limited to systems running affected Linux kernel versions with kernel TLS code present. The bundle lists Linux kernel versions and stable commit references, plus Debian LTS and Siemens advisories, but does not identify specific distributions, products, or configurations beyond those sources.

Exploitation context

No active exploitation is supported by the provided sources. KEV is false, and the bundle gives no exploitability details, proof of concept, attacker position, or impact class. Any exploitation assessment should remain tentative until vendor advisories provide more detail.

Researcher notes

The record reads like a kernel TLS code-correction entry with sparse vulnerability detail. Avoid assuming UAF exploitation: the description explicitly says the author is not seeing a UAF and references a prior race fix. Validate against downstream advisories and commit inclusion.

Mitigation direction

  • Check your Linux vendor advisory for CVE-2024-58240 applicability.
  • Apply kernel updates that include the referenced stable fixes.
  • Prioritize internet-facing Linux systems and appliances using TLS-heavy workloads.
  • Review Debian LTS and Siemens guidance if those environments are present.
  • Track vendor release notes for any additional mitigation instructions.

Validation and detection

  • Inventory running kernel versions across Linux servers and appliances.
  • Compare installed kernels against vendor fixed-version guidance.
  • Confirm whether kernel TLS features are enabled or used.
  • Verify patched kernels include one of the referenced stable commits.
  • Document systems relying on Siemens or Debian advisory coverage.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-58240 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
2ADP providers
7Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux3c4d7559159bfe1e3b94df3a657b2cda3a34e218, 3c4d7559159bfe1e3b94df3a657b2cda3a34e218, 3c4d7559159bfe1e3b94df3a657b2cda3a34e218, 3c4d7559159bfe1e3b94df3a657b2cda3a34e218unaffected
LinuxLinux4.13, 0, 6.1.149, 6.6.21, 6.7.9, 6.8affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.