Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-0646
HistoryJan 17, 2024 - 12:00 a.m.

CVE-2024-0646

2024-01-1700:00:00
ubuntu.com
ubuntu.com
34
cve-2024-0646
linux kernel
tls
out-of-bounds write
privilege escalation
local user
system crash
bugzilla
red hat
suse
launchpad

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.1%

An out-of-bounds memory write flaw was found in the Linux kernel’s
Transport Layer Security functionality in how a user calls a function
splice with a ktls socket as the destination. This flaw allows a local user
to crash or potentially escalate their privileges on the system.

Bugs

Notes

Author Note
Priority reason: Out-of-bounds memory write could lead to a potential local privilege escalation.
Rows per page:
1-10 of 671

References

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

10.1%