cve/2024/CVE-2024-58240.md

### [CVE-2024-58240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58240)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3c4d7559159bfe1e3b94df3a657b2cda3a34e218%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.13%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)

### Description

In the Linux kernel, the following vulnerability has been resolved:tls: separate no-async decryption request handling from asyncIf we're not doing async, the handling is much simpler. There's noreference counting, we just need to wait for the completion to wake usup and return its result.We should preferably also use a separate crypto_wait. I'm not seeing aUAF as I did in the past, I think aec7961916f3 ("tls: fix race betweenasync notify and socket close") took care of it.This will make the next fix easier.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/w4zu/Debian_security
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-58240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-58240)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3c4d7559159bfe1e3b94df3a657b2cda3a34e218%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=4.13%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:tls: separate no-async decryption request handling from asyncIf we're not doing async, the handling is much simpler. There's noreference counting, we just need to wait for the completion to wake usup and return its result.We should preferably also use a separate crypto_wait. I'm not seeing aUAF as I did in the past, I think aec7961916f3 ("tls: fix race betweenasync notify and socket close") took care of it.This will make the next fix easier.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/w4zu/Debian_security`