CVE-2024-0646

CVSS v3.1 7.8 (High)

EPSS 0.04 % (11^th)

Affected Products 2

Advisories 20

NVD Status Modified

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
NVD Status: Modified
CNA: Red Hat, Inc.
Published Date: 2024-01-17 16:15:47
(8 months ago)
Updated Date: 2024-09-14 00:15:16
(2 days ago)

Affected Products

Linux

Linux Kernel

Redhat

Enterprise Linux

Configuration #1

	CPE23	From	Up To
Linux Kernel from 4.20 version and prior 5.4.267 version	cpe:2.3:o:linux:linux_kernel	>= 4.20	< 5.4.267
Linux Kernel from 5.5 version and prior 5.10.208 version	cpe:2.3:o:linux:linux_kernel	>= 5.5	< 5.10.208
Linux Kernel from 5.11 version and prior 5.15.147 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.15.147
Linux Kernel from 5.16 version and prior 6.1.69 version	cpe:2.3:o:linux:linux_kernel	>= 5.16	< 6.1.69
Linux Kernel from 6.2 version and prior 6.6.7 version	cpe:2.3:o:linux:linux_kernel	>= 6.2	< 6.6.7
Linux Kernel 6.7 Rc1	cpe:2.3:o:linux:linux_kernel:6.7:rc1
Linux Kernel 6.7 Rc2	cpe:2.3:o:linux:linux_kernel:6.7:rc2
Linux Kernel 6.7 Rc3	cpe:2.3:o:linux:linux_kernel:6.7:rc3
Linux Kernel 6.7 Rc4	cpe:2.3:o:linux:linux_kernel:6.7:rc4

Configuration #2

		CPE23	From	Up To
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux 9.0	cpe:2.3:o:redhat:enterprise_linux:9.0