CVE-2024-0646 — Out-of-bounds Write in Kernel
Severity
7.8HIGHNVD
CNA7.0
EPSS
0.0%
top 95.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 17
Latest updateApr 8
Description
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
Also affects: Enterprise Linux 8.0, 9.0
Patches
🔴Vulnerability Details
3CVEList▶
Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination↗2024-01-17
GHSA▶
GHSA-qmff-49xc-7rf6: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a↗2024-01-17
OSV▶
CVE-2024-0646: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a↗2024-01-17
📋Vendor Advisories
18Palo Alto
▶