7.8

CVE-2024-0646

Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.20 < 5.4.267
LinuxLinux Kernel Version >= 5.5 < 5.10.208
LinuxLinux Kernel Version >= 5.11 < 5.15.147
LinuxLinux Kernel Version >= 5.16 < 6.1.69
LinuxLinux Kernel Version >= 6.2 < 6.6.7
LinuxLinux Kernel Version6.7 Updaterc1
LinuxLinux Kernel Version6.7 Updaterc2
LinuxLinux Kernel Version6.7 Updaterc3
LinuxLinux Kernel Version6.7 Updaterc4
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.222
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHSA-2024:1404
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0724
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1250
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1306
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1367
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1382
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1269
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1278
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://access.redhat.com/errata/RHSA-2024:2094
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0723
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0725
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0881
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0897
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1248
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1253
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0850
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0851
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0876
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1251
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1368
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1377
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2024-0646
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2253908
Patch
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267
Patch