CVE-2024-0646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0646
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0723
https://access.redhat.com/errata/RHSA-2024:0724
https://access.redhat.com/errata/RHSA-2024:0725
https://access.redhat.com/errata/RHSA-2024:0850
https://access.redhat.com/errata/RHSA-2024:0851
https://access.redhat.com/errata/RHSA-2024:0876
https://access.redhat.com/errata/RHSA-2024:0881
https://access.redhat.com/errata/RHSA-2024:0897
https://access.redhat.com/errata/RHSA-2024:1248
https://access.redhat.com/errata/RHSA-2024:1250
https://access.redhat.com/errata/RHSA-2024:1251
https://access.redhat.com/errata/RHSA-2024:1253
https://access.redhat.com/errata/RHSA-2024:1268
https://access.redhat.com/errata/RHSA-2024:1269
https://access.redhat.com/errata/RHSA-2024:1278
https://access.redhat.com/errata/RHSA-2024:1306
https://access.redhat.com/errata/RHSA-2024:1367
https://access.redhat.com/errata/RHSA-2024:1368
https://access.redhat.com/errata/RHSA-2024:1377
https://access.redhat.com/errata/RHSA-2024:1382
https://access.redhat.com/errata/RHSA-2024:1404
https://access.redhat.com/security/cve/CVE-2024-0646 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253908 Issue Tracking Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

19 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1404 -

19 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1377 -
  • () https://access.redhat.com/errata/RHSA-2024:1382 -

19 Mar 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1367 -
  • () https://access.redhat.com/errata/RHSA-2024:1368 -

13 Mar 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1306 -

12 Mar 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1278 -

12 Mar 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1268 -
  • () https://access.redhat.com/errata/RHSA-2024:1269 -

12 Mar 2024, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1248 -
  • () https://access.redhat.com/errata/RHSA-2024:1250 -
  • () https://access.redhat.com/errata/RHSA-2024:1251 -
  • () https://access.redhat.com/errata/RHSA-2024:1253 -

20 Feb 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0881 -
  • () https://access.redhat.com/errata/RHSA-2024:0897 -

20 Feb 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0876 -

15 Feb 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0850 -
  • () https://access.redhat.com/errata/RHSA-2024:0851 -

07 Feb 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0723 -
  • () https://access.redhat.com/errata/RHSA-2024:0724 -
  • () https://access.redhat.com/errata/RHSA-2024:0725 -

24 Jan 2024, 21:04

Type Values Removed Values Added
Summary
  • (es) Se encontró un fallo de escritura de memoria fuera de los límites en la funcionalidad Transport Layer Security del kernel de Linux en la forma en que un usuario llama a una función splice con un socket ktls como destino. este fallo permite que un usuario local falle o potencialmente aumente sus privilegios en el sistema.
CWE CWE-787
References () https://access.redhat.com/security/cve/CVE-2024-0646 - () https://access.redhat.com/security/cve/CVE-2024-0646 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2253908 - () https://bugzilla.redhat.com/show_bug.cgi?id=2253908 - Issue Tracking, Patch
References () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 - () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 - Patch
First Time Redhat enterprise Linux
Linux linux Kernel
Linux
Redhat
CVSS v2 : unknown
v3 : 7.0 		v2 : unknown
v3 : 7.8
CPE cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*

17 Jan 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-17 16:15

Updated : 2024-03-19 23:15

NVD link : CVE-2024-0646

Mitre link : CVE-2024-0646

CVE.ORG link : CVE-2024-0646

JSON object : View

Products Affected

linux

  • linux_kernel

redhat

  • enterprise_linux
CWE
CWE-787

Out-of-bounds Write