cbcvebase.
CVE-2024-0646
published 2024-01-17

CVE-2024-0646: An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Affected

29 ranges· showing 25
VendorProductVersion rangeFixed in
debianlinux< linux 6.1.69-1 (bookworm)linux 6.1.69-1 (bookworm)
googlechrome_chrome
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.10.209-15.10.209-1
linuxlinux_kernel>= 0 < 6.1.69-16.1.69-1
linuxlinux_kernel>= 0 < 6.6.8-16.6.8-1
linuxlinux_kernel>= 0 < 6.6.8-16.6.8-1
linuxlinux_kernel>= 0 < 5.4.0-172.1905.4.0-172.190
linuxlinux_kernel>= 0 < 5.15.0-97.1075.15.0-97.107
linuxlinux_kernel>= 0 < 4.4.0-251.2854.4.0-251.285
linuxlinux_kernel>= 0 < 4.4.0-252.2864.4.0-252.286
linuxlinux_kernel>= 0 < 4.15.0-222.2334.15.0-222.233
linuxlinux_kernel>= 0 < 4.15.0-223.2354.15.0-223.235
linuxlinux_kernel>= 0 < 5.4.0-172.1905.4.0-172.190
linuxlinux_kernel>= 0 < 5.4.0-174.1935.4.0-174.193
linuxlinux_kernel>= 0 < 5.15.0-97.1075.15.0-97.107
linuxlinux_kernel>= 0 < 5.15.0-101.1115.15.0-101.111
linuxlinux_kernel>= 4.20 < 5.4.2675.4.267
linuxlinux_kernel>= 5.11 < 5.15.1475.15.147
linuxlinux_kernel>= 5.16 < 6.1.696.1.69
linuxlinux_kernel>= 5.5 < 5.10.2085.10.208
linuxlinux_kernel>= 6.2 < 6.6.76.6.7
msrcazl3_kernel_6.6.35.1-4_on_azure_linux_3.0
msrcazl3_kernel_6.6.47.1-1_on_azure_linux_3.0
msrccbl2_kernel_5.15.153.1-1_on_cbl_mariner_2.0

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH