CVE-2024-0646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0646
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2024:0723 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0850 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0851 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0876 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1250 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1251 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1253 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1268 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1269 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1278 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1306 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1367 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1368 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1377 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1382 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1404 Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2094 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-0646 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253908 Issue Tracking Patch
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
History

16 Oct 2024, 15:15

Type Values Removed Values Added
CWE CWE-1314

14 Sep 2024, 00:15

Type Values Removed Values Added
References
  • {'url': 'https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html', 'tags': ['Issue Tracking', 'Third Party Advisory'], 'source': 'secalert@redhat.com'}

27 Aug 2024, 14:55

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2024:0723 - () https://access.redhat.com/errata/RHSA-2024:0723 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0724 - () https://access.redhat.com/errata/RHSA-2024:0724 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0725 - () https://access.redhat.com/errata/RHSA-2024:0725 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0850 - () https://access.redhat.com/errata/RHSA-2024:0850 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0851 - () https://access.redhat.com/errata/RHSA-2024:0851 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0876 - () https://access.redhat.com/errata/RHSA-2024:0876 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0881 - () https://access.redhat.com/errata/RHSA-2024:0881 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:0897 - () https://access.redhat.com/errata/RHSA-2024:0897 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1248 - () https://access.redhat.com/errata/RHSA-2024:1248 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1250 - () https://access.redhat.com/errata/RHSA-2024:1250 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1251 - () https://access.redhat.com/errata/RHSA-2024:1251 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1253 - () https://access.redhat.com/errata/RHSA-2024:1253 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1268 - () https://access.redhat.com/errata/RHSA-2024:1268 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1269 - () https://access.redhat.com/errata/RHSA-2024:1269 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1278 - () https://access.redhat.com/errata/RHSA-2024:1278 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1306 - () https://access.redhat.com/errata/RHSA-2024:1306 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1367 - () https://access.redhat.com/errata/RHSA-2024:1367 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1368 - () https://access.redhat.com/errata/RHSA-2024:1368 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1377 - () https://access.redhat.com/errata/RHSA-2024:1377 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1382 - () https://access.redhat.com/errata/RHSA-2024:1382 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:1404 - () https://access.redhat.com/errata/RHSA-2024:1404 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2024:2094 - () https://access.redhat.com/errata/RHSA-2024:2094 - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html - Issue Tracking, Third Party Advisory

08 Jul 2024, 18:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:2094 -

25 Jun 2024, 21:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html -

19 Mar 2024, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1404 -

19 Mar 2024, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1377 -
  • () https://access.redhat.com/errata/RHSA-2024:1382 -

19 Mar 2024, 05:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1367 -
  • () https://access.redhat.com/errata/RHSA-2024:1368 -

13 Mar 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1306 -

12 Mar 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1278 -

12 Mar 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1268 -
  • () https://access.redhat.com/errata/RHSA-2024:1269 -

12 Mar 2024, 04:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:1248 -
  • () https://access.redhat.com/errata/RHSA-2024:1250 -
  • () https://access.redhat.com/errata/RHSA-2024:1251 -
  • () https://access.redhat.com/errata/RHSA-2024:1253 -

20 Feb 2024, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0881 -
  • () https://access.redhat.com/errata/RHSA-2024:0897 -

20 Feb 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0876 -

15 Feb 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0850 -
  • () https://access.redhat.com/errata/RHSA-2024:0851 -

07 Feb 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0723 -
  • () https://access.redhat.com/errata/RHSA-2024:0724 -
  • () https://access.redhat.com/errata/RHSA-2024:0725 -

24 Jan 2024, 21:04

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:6.7:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.7:rc3:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2024-0646 - () https://access.redhat.com/security/cve/CVE-2024-0646 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2253908 - () https://bugzilla.redhat.com/show_bug.cgi?id=2253908 - Issue Tracking, Patch
References () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 - () https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267 - Patch
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
CWE CWE-787

17 Jan 2024, 17:35

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-17 16:15

Updated : 2024-10-16 15:15

NVD link : CVE-2024-0646

Mitre link : CVE-2024-0646

CVE.ORG link : CVE-2024-0646

JSON object : View

Products Affected

redhat

  • enterprise_linux

linux

  • linux_kernel
CWE
CWE-1314

Missing Write Protection for Parametric Data Values

CWE-787

Out-of-bounds Write