CVE-2024-0646

Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

Description

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Remediation

Workaround:

To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Category

7.0

CVSS

Severity: High

CVSS 3.1 •

EPSS 0.01%

Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9

Affected: Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support

Affected: Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Affected: Red Hat RHOL-5.8-RHEL-9

Affected: Red Hat Red Hat Enterprise Linux 6

Affected: Red Hat Red Hat Enterprise Linux 7

Affected: Red Hat Red Hat Enterprise Linux 9

References

Link	Tags
https://access.redhat.com/errata/RHSA-2024:0723	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0724	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0725	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0850	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0851	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0876	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0881	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:0897	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1248	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1250	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1251	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1253	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1268	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1269	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1278	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1306	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1367	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1368	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1377	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1382	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:1404	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2024:2094	third party advisory vendor advisory
https://access.redhat.com/security/cve/CVE-2024-0646	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2253908	patch issue tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267	patch
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Frequently Asked Questions

What is the severity of CVE-2024-0646?: CVE-2024-0646 has been scored as a high severity vulnerability.
How to fix CVE-2024-0646?: As a workaround for remediating CVE-2024-0646: To mitigate this issue, prevent module tls from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Is CVE-2024-0646 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-0646 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-0646?: CVE-2024-0646 affects Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat RHOL-5.8-RHEL-9, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 9.

Description

Remediation

Category

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions