Lucene search

K
redhatcveRedhat.comRH:CVE-2024-0646
HistoryJan 17, 2024 - 3:18 p.m.

CVE-2024-0646

2024-01-1715:18:24
redhat.com
access.redhat.com
180
out-of-bounds memory write
linux kernel
transport layer security
splice function
ktls socket
privilege escalation
mitigation
blacklist kernel module

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.1%

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Mitigation

To mitigate this issue, prevent module tls from being loaded. Please see <https://access.redhat.com/solutions/41278&gt; for how to blacklist a kernel module to prevent it from loading automatically.

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0

Percentile

10.1%