« List of all CVEs

CVE-2024-0646

Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

Published: 1/17/2024 Last updated: 11/6/2025 Reserved: 1/17/2024

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7 High CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (40)

Product Vendor Version
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < f23643306430f86e2f413ee2b986e0773e79da31
Red Hat Enterprise Linux 9 Red Hat < 5f71716772b88cbe0e1788f6a38d7871aff2120b
Red Hat Enterprise Linux 9 Red Hat < 38e1f2ee82bacbbfded8f1c06794a443d038d054
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat < 0d3b5fe47938e9c451466845304a2bd74e967a80
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat <= 4.14.*
< e6b842741b4f39007215fd7e545cb55aa3d358a2
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat <= 5.4.*
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat <= 5.10.*
<6.8
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 0.3.0
Red Hat Enterprise Linux 8 Red Hat <= 4.9.*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 0.3.2
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 0.3.3
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Red Hat <= 5.4.*
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat <= 6.1.*
Red Hat Enterprise Linux 8 Red Hat <6
Red Hat Enterprise Linux 8 Red Hat 3.4
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat <= 4.19.*
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 0.3.1
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat < d49547950bf7f3480d6ca05fe055978e5f0d9e5b
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat 4.19
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat < 1101867a1711c27d8bbe0e83136bec47f8c1ca2a
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat <= *
Red Hat Enterprise Linux 8 Red Hat < 3.4
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat < 4.19
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat <= 6.0.*
Red Hat Enterprise Linux 9 Red Hat < 0ad6bad31da692f8d7acacab07eabe7586239ae0
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat <= 5.15.*
RHOL-5.8-RHEL-9 Red Hat <= 5.10.*
RHOL-5.8-RHEL-9 Red Hat <= 5.15.*
RHOL-5.8-RHEL-9 Red Hat <= 6.1.*
RHOL-5.8-RHEL-9 Red Hat <= 6.4.*
RHOL-5.8-RHEL-9 Red Hat <= 6.5.*
RHOL-5.8-RHEL-9 Red Hat <= *
RHOL-5.8-RHEL-9 Red Hat < 7d16c515059b3746f2d6a24a74c3ba786a68c2a1
RHOL-5.8-RHEL-9 Red Hat < ec8f32ad9a65a8cbb465b69e154aaec9d2fe45c4
RHOL-5.8-RHEL-9 Red Hat 6.2
RHOL-5.8-RHEL-9 Red Hat < 6.2
RHOL-5.8-RHEL-9 Red Hat <= 6.3.*
RHOL-5.8-RHEL-9 Red Hat <= *

References (102)