Vulnerability Details : CVE-2024-0646
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Products affected by CVE-2024-0646
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-0646
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-0646
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | 2024-01-24 |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Red Hat, Inc. | 2024-01-17 |
CWE ids for CVE-2024-0646
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
-
The device does not write-protect the parametric data values for sensors that scale the sensor value, allowing untrusted software to manipulate the apparent result and potentially damage hardware or cause operational failure.Assigned by: secalert@redhat.com (Primary)
References for CVE-2024-0646
-
https://access.redhat.com/errata/RHSA-2024:0881
RHSA-2024:0881 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
[SECURITY] [DLA 3841-1] linux-5.10 security update
-
https://access.redhat.com/errata/RHSA-2024:1250
RHSA-2024:1250 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/security/cve/CVE-2024-0646
CVE-2024-0646- Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1269
RHSA-2024:1269 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1251
RHSA-2024:1251 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1368
RHSA-2024:1368 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0850
RHSA-2024:0850 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1278
RHSA-2024:1278 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1248
RHSA-2024:1248 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0725
RHSA-2024:0725 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=2253908
2253908 – (CVE-2024-0646) CVE-2024-0646 kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destinationIssue Tracking;Patch
-
https://access.redhat.com/errata/RHSA-2024:0724
RHSA-2024:0724 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1367
RHSA-2024:1367 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0897
RHSA-2024:0897 - Security Advisory - Portail Client Red HatThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1306
RHSA-2024:1306 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1382
RHSA-2024:1382 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0876
RHSA-2024:0876 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1253
RHSA-2024:1253 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:0723
RHSA-2024:0723 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:2094
RHSA-2024:2094 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1377
RHSA-2024:1377 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1404
RHSA-2024:1404 - Security Advisory - Red Hat カスタマーポータルThird Party Advisory
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267
net: tls, update curr on splice as well - kernel/git/torvalds/linux.git - Linux kernel source treePatch
-
https://access.redhat.com/errata/RHSA-2024:0851
RHSA-2024:0851 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2024:1268
RHSA-2024:1268 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to