CVE-2024-0646 | THREATINT

Description

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

PUBLISHED Reserved 2024-01-17 | Published 2024-01-17 | Updated 2025-11-06 | Assigner redhat

HIGH: 7.0CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

Default status

unaffected

Any version before 6.7-rc5

affected

Default status

affected

0:4.18.0-513.18.1.rt7.320.el8_9 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:4.18.0-513.18.1.el8_9 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.128.1.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.128.1.rt13.179.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.128.1.el8_2 (rpm) before *

unaffected

Default status

affected

0:4.18.0-193.128.1.el8_2 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.rt7.201.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

affected

0:4.18.0-305.125.1.el8_4 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:4.18.0-372.91.1.el8_6 (rpm) before *

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

0:4.18.0-477.51.1.el8_8 (rpm) before *

unaffected

Default status

affected

0:5.14.0-362.24.1.el9_3 (rpm) before *

unaffected

Default status

affected

0:5.14.0-362.24.1.el9_3 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:5.14.0-70.93.2.el9_0 (rpm) before *

unaffected

Default status

affected

0:5.14.0-70.93.1.rt21.165.el9_0 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:5.14.0-284.52.1.el9_2 (rpm) before *

unaffected

Default status

affected

0:5.14.0-284.52.1.rt14.337.el9_2 (rpm) before *

unaffected

Default status

unaffected

Default status

affected

0:4.18.0-372.91.1.el8_6 (rpm) before *

unaffected

Default status

affected

v5.8.6-22 (rpm) before *

unaffected

Default status

affected

v5.8.6-11 (rpm) before *

unaffected

Default status

affected

v6.8.1-407 (rpm) before *

unaffected

Default status

affected

v5.8.6-19 (rpm) before *

unaffected

Default status

affected

v1.0.0-479 (rpm) before *

unaffected

Default status

affected

v5.8.6-7 (rpm) before *

unaffected

Default status

affected

v0.4.0-247 (rpm) before *

unaffected

Default status

affected

v5.8.6-5 (rpm) before *

unaffected

Default status

affected

v1.1.0-227 (rpm) before *

unaffected

Default status

affected

v5.8.1-470 (rpm) before *

unaffected

Default status

affected

v2.9.6-14 (rpm) before *

unaffected

Default status

affected

v5.8.6-2 (rpm) before *

unaffected

Default status

affected

v5.8.6-24 (rpm) before *

unaffected

Default status

affected

v5.8.6-10 (rpm) before *

unaffected

Default status

affected

v0.1.0-525 (rpm) before *

unaffected

Default status

affected

v0.1.0-224 (rpm) before *

unaffected

Default status

affected

v0.28.1-56 (rpm) before *

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Timeline

2024-01-17:	Reported to Red Hat.
2023-12-07:	Made public.

References

access.redhat.com/errata/RHSA-2024:0723 (RHSA-2024:0723) vendor-advisory

access.redhat.com/errata/RHSA-2024:0724 (RHSA-2024:0724) vendor-advisory

access.redhat.com/errata/RHSA-2024:0725 (RHSA-2024:0725) vendor-advisory

access.redhat.com/errata/RHSA-2024:0850 (RHSA-2024:0850) vendor-advisory

access.redhat.com/errata/RHSA-2024:0851 (RHSA-2024:0851) vendor-advisory

access.redhat.com/errata/RHSA-2024:0876 (RHSA-2024:0876) vendor-advisory

access.redhat.com/errata/RHSA-2024:0881 (RHSA-2024:0881) vendor-advisory

access.redhat.com/errata/RHSA-2024:0897 (RHSA-2024:0897) vendor-advisory

access.redhat.com/errata/RHSA-2024:1248 (RHSA-2024:1248) vendor-advisory

access.redhat.com/errata/RHSA-2024:1250 (RHSA-2024:1250) vendor-advisory

access.redhat.com/errata/RHSA-2024:1251 (RHSA-2024:1251) vendor-advisory

access.redhat.com/errata/RHSA-2024:1253 (RHSA-2024:1253) vendor-advisory

access.redhat.com/errata/RHSA-2024:1268 (RHSA-2024:1268) vendor-advisory

access.redhat.com/errata/RHSA-2024:1269 (RHSA-2024:1269) vendor-advisory

access.redhat.com/errata/RHSA-2024:1278 (RHSA-2024:1278) vendor-advisory

access.redhat.com/errata/RHSA-2024:1306 (RHSA-2024:1306) vendor-advisory

access.redhat.com/errata/RHSA-2024:1367 (RHSA-2024:1367) vendor-advisory

access.redhat.com/errata/RHSA-2024:1368 (RHSA-2024:1368) vendor-advisory

access.redhat.com/errata/RHSA-2024:1377 (RHSA-2024:1377) vendor-advisory

access.redhat.com/errata/RHSA-2024:1382 (RHSA-2024:1382) vendor-advisory

access.redhat.com/errata/RHSA-2024:1404 (RHSA-2024:1404) vendor-advisory

access.redhat.com/errata/RHSA-2024:2094 (RHSA-2024:2094) vendor-advisory

access.redhat.com/security/cve/CVE-2024-0646 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2253908 (RHBZ#2253908) issue-tracking

git.kernel.org/...orvalds/linux.git/commit/?id=c5a595000e267

lists.debian.org/debian-lts-announce/2024/06/msg00016.html

access.redhat.com/errata/RHSA-2024:0723 (RHSA-2024:0723) vendor-advisory

access.redhat.com/errata/RHSA-2024:0724 (RHSA-2024:0724) vendor-advisory

access.redhat.com/errata/RHSA-2024:0725 (RHSA-2024:0725) vendor-advisory

access.redhat.com/errata/RHSA-2024:0850 (RHSA-2024:0850) vendor-advisory

access.redhat.com/errata/RHSA-2024:0851 (RHSA-2024:0851) vendor-advisory

access.redhat.com/errata/RHSA-2024:0876 (RHSA-2024:0876) vendor-advisory

access.redhat.com/errata/RHSA-2024:0881 (RHSA-2024:0881) vendor-advisory

access.redhat.com/errata/RHSA-2024:0897 (RHSA-2024:0897) vendor-advisory

access.redhat.com/errata/RHSA-2024:1248 (RHSA-2024:1248) vendor-advisory

access.redhat.com/errata/RHSA-2024:1250 (RHSA-2024:1250) vendor-advisory

access.redhat.com/errata/RHSA-2024:1251 (RHSA-2024:1251) vendor-advisory

access.redhat.com/errata/RHSA-2024:1253 (RHSA-2024:1253) vendor-advisory

access.redhat.com/errata/RHSA-2024:1268 (RHSA-2024:1268) vendor-advisory

access.redhat.com/errata/RHSA-2024:1269 (RHSA-2024:1269) vendor-advisory

access.redhat.com/errata/RHSA-2024:1278 (RHSA-2024:1278) vendor-advisory

access.redhat.com/errata/RHSA-2024:1306 (RHSA-2024:1306) vendor-advisory

access.redhat.com/errata/RHSA-2024:1367 (RHSA-2024:1367) vendor-advisory

access.redhat.com/errata/RHSA-2024:1368 (RHSA-2024:1368) vendor-advisory

access.redhat.com/errata/RHSA-2024:1377 (RHSA-2024:1377) vendor-advisory

access.redhat.com/errata/RHSA-2024:1382 (RHSA-2024:1382) vendor-advisory

access.redhat.com/errata/RHSA-2024:1404 (RHSA-2024:1404) vendor-advisory

access.redhat.com/errata/RHSA-2024:2094 (RHSA-2024:2094) vendor-advisory

access.redhat.com/security/cve/CVE-2024-0646 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2253908 (RHBZ#2253908) issue-tracking

git.kernel.org/...orvalds/linux.git/commit/?id=c5a595000e267

cve.org (CVE-2024-0646)

nvd.nist.gov (CVE-2024-0646)

Download JSON