Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2024-0646

Disclosure Date: January 17, 2024 •

CVE-2024-0646 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

OS

Unknown

Vulnerable Versions

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8 not down converted

Red Hat Enterprise Linux 8.2 Advanced Update Support not down converted

Red Hat Enterprise Linux 8.2 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.2 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support not down converted

Red Hat Enterprise Linux 8.4 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.4 Telecommunications Update Service not down converted

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions not down converted

Red Hat Enterprise Linux 8.6 Extended Update Support not down converted

Red Hat Enterprise Linux 8.6 Extended Update Support not down converted

Red Hat Enterprise Linux 8.8 Extended Update Support not down converted

Red Hat Enterprise Linux 8.8 Extended Update Support not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9 not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Enterprise Linux 9.0 Extended Update Support not down converted

Red Hat Enterprise Linux 9.2 Extended Update Support not down converted

Red Hat Enterprise Linux 9.2 Extended Update Support not down converted

Red Hat Enterprise Linux 9.2 Extended Update Support not down converted

Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

RHOL-5.8-RHEL-9 not down converted

Red Hat Enterprise Linux 6 not down converted

Red Hat Enterprise Linux 7 not down converted

Red Hat Enterprise Linux 7 not down converted

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

linux,
redhat

Products

enterprise linux 8.0,
enterprise linux 9.0,
linux kernel,
linux kernel 6.7

References

Canonical

CVE-2024-0646 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646)

Miscellaneous

https://access.redhat.com/security/cve/CVE-2024-0646

https://bugzilla.redhat.com/show_bug.cgi?id=2253908

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267

https://access.redhat.com/errata/RHSA-2024:0723

https://access.redhat.com/errata/RHSA-2024:0724

https://access.redhat.com/errata/RHSA-2024:0725

https://access.redhat.com/errata/RHSA-2024:0850

https://access.redhat.com/errata/RHSA-2024:0851

https://access.redhat.com/errata/RHSA-2024:0876

https://access.redhat.com/errata/RHSA-2024:0881

https://access.redhat.com/errata/RHSA-2024:0897

https://access.redhat.com/errata/RHSA-2024:1248

https://access.redhat.com/errata/RHSA-2024:1250

https://access.redhat.com/errata/RHSA-2024:1251

https://access.redhat.com/errata/RHSA-2024:1253

https://access.redhat.com/errata/RHSA-2024:1268

https://access.redhat.com/errata/RHSA-2024:1269

https://access.redhat.com/errata/RHSA-2024:1278

https://access.redhat.com/errata/RHSA-2024:1306

https://access.redhat.com/errata/RHSA-2024:1367

https://access.redhat.com/errata/RHSA-2024:1368

https://access.redhat.com/errata/RHSA-2024:1377

https://access.redhat.com/errata/RHSA-2024:1382

https://access.redhat.com/errata/RHSA-2024:1404

https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

https://access.redhat.com/errata/RHSA-2024:2094

Rapid7

Technical Analysis