Vulnerability CVE-2024-0646: Information
Description
An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
kernel-image-mp | sisyphus | 6.7.4-alt1 | 6.8.12-alt1 | ALT-PU-2024-1867-1 | 339882 | Fixed |
kernel-image-mp | p11 | 6.7.4-alt1 | 6.8.8-alt1 | ALT-PU-2024-1867-1 | 339882 | Fixed |
linux-tools | sisyphus_riscv64 | 6.7-alt1 | 6.9-alt1 | ALT-PU-2024-2779-1 | - | Fixed |
linux-tools | sisyphus_loongarch64 | 6.7-alt1 | 6.9-alt1 | ALT-PU-2024-1449-1 | - | Fixed |