Exploitation Summary
EIP tracks 2 public exploits for CVE-2024-58239. PoCs published by khoatran107.
AI-analyzed exploit summary This repository contains a working exploit for CVE-2024-58239, targeting a Linux kernel TLS vulnerability. The exploit includes client/server components to trigger the vulnerability and achieve privilege escalation, with scripts for local testing and success rate measurement.
Description
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list copies the non-DATA record - we start the loop and process the first available record since it's of the same type - we break out of the loop since the record was not DATA Just check the record type and jump to the end in case process_rx_list did some work.
Exploits (2)
This repository contains a working exploit for CVE-2024-58239, targeting a Linux kernel TLS vulnerability. The exploit includes client/server components to trigger the vulnerability and achieve privilege escalation, with scripts for local testing and success rate measurement.
This repository contains a working exploit for CVE-2025-39682, a variant of CVE-2024-58239, targeting a Linux kernel TLS vulnerability. The exploit achieves local privilege escalation by manipulating kernel memory structures and triggering a use-after-free condition.
References (7)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H