Impact
The Linux kernel TLS subsystem can fail to abort a connection after it detects an invalid record late in parsing. The code reads data from the socket before it has fully verified the record length, so a crafted TLS header can overflow the allocated socket buffer space during parsing. This overflow can corrupt kernel memory; the resulting damage can lead to loss of confidentiality, integrity, or availability, potentially allowing an attacker to execute arbitrary code. Based on the description, the likely attack vector requires an attacker to send an out‑of‑band TLS header followed by a larger normal send, a complex but feasible scenario.
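The ordering that the paragraph above says was missing, shown as an added example: a simplified userspace model, not the kernel's code and not taken from the fix. All names (`rx_feed`, `rx_state`) and the buffer size are assumptions made for illustration; the record-length limit is the TLS 1.3 ciphertext limit from RFC 8446.

```c
/* Added example: simplified userspace model with hypothetical names. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TLS_HDR_LEN     5                 /* type(1) version(2) length(2) */
#define TLS_MAX_PAYLOAD (16384 + 256)     /* TLS 1.3 ciphertext limit, RFC 8446 */
#define RX_BUF_LEN      (TLS_HDR_LEN + TLS_MAX_PAYLOAD)
enum rx_status { RX_NEED_MORE, RX_RECORD_READY, RX_ABORTED };
struct rx_state {
    uint8_t buf[RX_BUF_LEN];
    size_t  have;     /* bytes buffered so far */
    size_t  need;     /* full record size; 0 until the header is validated */
    int     aborted;  /* sticky: set once, never cleared */
};

/* Feed one fragment; *used reports how many bytes were consumed. */
enum rx_status rx_feed(struct rx_state *s, const uint8_t *p, size_t len, size_t *used)
{
    *used = 0;
    if (s->aborted) return RX_ABORTED;    /* no reads after a bad record */
    while (len > 0) {
        /* Until the header is validated, copy header bytes only. */
        size_t want = (s->need ? s->need : TLS_HDR_LEN) - s->have;
        size_t n = len < want ? len : want;
        memcpy(s->buf + s->have, p, n);
        s->have += n; p += n; len -= n; *used += n;
        if (!s->need && s->have == TLS_HDR_LEN) {
            size_t plen = ((size_t)s->buf[3] << 8) | s->buf[4];
            if (plen > TLS_MAX_PAYLOAD) { /* check before any payload copy */
                s->aborted = 1;
                return RX_ABORTED;
            }
            s->need = TLS_HDR_LEN + plen;
        }
        if (s->need && s->have == s->need) return RX_RECORD_READY;
    }
    return RX_NEED_MORE;
}

int main(void)
{
    static struct rx_state s;             /* zero-initialised */
    const uint8_t frag1[] = { 0x17, 0x03 };                    /* constructed */
    const uint8_t frag2[] = { 0x03, 0xFF, 0xFF, 0xAA, 0xAA };  /* length 0xFFFF */
    size_t used;
    rx_feed(&s, frag1, sizeof frag1, &used);
    printf("status=%d\n", rx_feed(&s, frag2, sizeof frag2, &used));
    return 0;
}
```

The header arrives split across two fragments, the declared length is rejected as soon as the fifth header byte is buffered, and every later call returns `RX_ABORTED` without copying anything.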
Affected Systems
The bug impacts Linux kernel versions 6.17 release candidates 1 through 6. No other vendor products are referenced. The affected component is the kernel’s TLS subsystem, which resides in the Linux kernel itself.
Risk and Exploitability
The CVSS score of 9.8 indicates critical severity. The EPSS score of 9% reflects a moderate probability that the vulnerability will be exploited in the wild; it is not yet listed in the CISA KEV catalog. To exploit it, an attacker would need to craft a TLS header, send it in a small out‑of‑band fragment, and then deliver a larger normal packet to trigger the buffer overflow. Given the high impact and the confirmed kernel code path, proactive mitigation is warranted.