
CVE-2024-0646

Kernel: ktls overwrites read-only memory pages when splice() is used with a ktls socket as the destination

Published: 1/17/2024 Last updated: 6/17/2025 Reserved: 1/17/2024

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security (ktls) functionality, in how it handles a user calling splice() with a ktls socket as the destination. This flaw allows a local user to crash the system or potentially escalate their privileges.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7 High CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (45)

Product Vendor Version
< R149-V4
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat <= 2023.2.4
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat < R148-V7
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat < 2021
Red Hat Enterprise Linux 8 Red Hat < R150-V2
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 6 Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat < 10.0.19044.5371
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat <= 4.4.*
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < 10.0.19045.5371
Red Hat Enterprise Linux 9 Red Hat < unspecified
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat < 10.0.22631.4751
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat < 7623b1035ca2d17bde0f6a086ad6844a34648df1
Red Hat Enterprise Linux 7 Red Hat < 6.3.9600.22371
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat < 5.11.2
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat All versions < V14.1.0.4
Red Hat Enterprise Linux 8 Red Hat 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier version, 2015.006.30495 and earlier, and 2015.006.30493 and earlier versions
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat < 10.0.17763.6775
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 9 Red Hat <= 5.10.*
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < v0.64.4
Red Hat Enterprise Linux 8 Red Hat < 6.3.9600.21924
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat 4.6.8.5
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat n/a
RHOL-5.8-RHEL-9 Red Hat 1.6.12
RHOL-5.8-RHEL-9 Red Hat n/a
RHOL-5.8-RHEL-9 Red Hat n/a
RHOL-5.8-RHEL-9 Red Hat <= 1.4.3
RHOL-5.8-RHEL-9 Red Hat < 2.1.4
RHOL-5.8-RHEL-9 Red Hat < 117.0.5938.62
RHOL-5.8-RHEL-9 Red Hat n/a
RHOL-5.8-RHEL-9 Red Hat 12.1.0.5
RHOL-5.8-RHEL-9 Red Hat 13.3.0.0
RHOL-5.8-RHEL-9 Red Hat n/a
RHOL-5.8-RHEL-9 Red Hat < 6.0.6003.23070
RHOL-5.8-RHEL-9 Red Hat unspecified
RHOL-5.8-RHEL-9 Red Hat < 6.1.7601.27520
RHOL-5.8-RHEL-9 Red Hat SMR Apr-2025 Release in Android 13, 14, 15
RHOL-5.8-RHEL-9 Red Hat <= 23.0.0
RHOL-5.8-RHEL-9 Red Hat < 6.2.9200.25273

References (51)