[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250039

 
 

909

 
 

195882

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2024-0646Date: (C)2024-01-17   (M)2024-05-10


An out-of-bounds memory write flaw was found in the Linux kernel���s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.8CVSS Score :
Exploit Score: 1.8Exploit Score:
Impact Score: 5.9Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: HIGHAvailability:
Integrity: HIGH 
Availability: HIGH 
  
Reference:
RHBZ#2253908
RHSA-2024:0723
RHSA-2024:0724
RHSA-2024:0725
RHSA-2024:0850
RHSA-2024:0851
RHSA-2024:0876
RHSA-2024:0881
RHSA-2024:0897
RHSA-2024:1248
RHSA-2024:1250
RHSA-2024:1251
RHSA-2024:1253
RHSA-2024:1268
RHSA-2024:1269
RHSA-2024:1278
RHSA-2024:1306
RHSA-2024:1367
RHSA-2024:1368
RHSA-2024:1377
RHSA-2024:1382
RHSA-2024:1404
https://access.redhat.com/security/cve/CVE-2024-0646
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267

CWE    1
CWE-787
OVAL    36
oval:org.secpod.oval:def:19500580
oval:org.secpod.oval:def:98723
oval:org.secpod.oval:def:708773
oval:org.secpod.oval:def:708795
...

© SecPod Technologies