Unrated severityNVD Advisory· Published Jan 17, 2024· Updated Nov 6, 2025
Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
CVE-2024-0646
Description
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Affected products
26- osv-coords25 versionspkg:deb/ubuntu/linux-azure@6.5.0-1015.15?arch=source&distro=manticpkg:rpm/almalinux/bpftoolpkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perf
< 6.5.0-1015.15+ 24 more
- (no CPE)range: < 6.5.0-1015.15
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
- (no CPE)range: < 4.18.0-513.18.1.el8_9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- access.redhat.com/errata/RHSA-2024:0723mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0724mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0725mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0850mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0851mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0876mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0881mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:0897mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1248mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1250mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1251mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1253mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1268mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1269mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1278mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1306mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1367mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1368mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1377mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1382mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:1404mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2024:2094mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/security/cve/CVE-2024-0646mitrevdb-entryx_refsource_REDHAT
- bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitre
News mentions
0No linked articles in our index yet.