CVE-2024-0646: High Fixes for in Linux Kernel
First published: Sun Dec 10 2023(Updated: )
A flaw in the Linux Kernel found. When splice() is called with a ktls socket as destination, the ktls code fails to update the internal "curr"/"copybreak" accounting that tracks which parts of the plaintext scatter-gather buffer (`struct sk_msg_sg`) are unused writable memory. This can cause subsequent writes to the socket to overwrite the contents of spliced pages, including pages from files to which the caller is not supposed to have write access. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <6.7 | 6.7 |
| IBM Security Verify Governance, Identity Manager software component | <=ISVG 10.0.2 | |
| IBM Security Verify Governance, Identity Manager virtual appliance component | <=ISVG 10.0.2 | |
| Linux Kernel | >=4.20<5.4.267 | |
| Linux Kernel | >=5.5<5.10.208 | |
| Linux Kernel | >=5.11<5.15.147 | |
| Linux Kernel | >=5.16<6.1.69 | |
| Linux Kernel | >=6.2<6.6.7 | |
| Linux Kernel | =6.7-rc1 | |
| Linux Kernel | =6.7-rc2 | |
| Linux Kernel | =6.7-rc3 | |
| Linux Kernel | =6.7-rc4 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux | =9.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2024/03/long-term-support-channel-update-for.html (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2253908
- https://access.redhat.com/security/cve/CVE-2024-0646
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267
- https://access.redhat.com/errata/RHSA-2024:0723
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0876
- https://access.redhat.com/errata/RHSA-2024:0881
- https://access.redhat.com/errata/RHSA-2024:0897
- https://access.redhat.com/errata/RHSA-2024:1248
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1251
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1268
- https://access.redhat.com/errata/RHSA-2024:1269
- https://access.redhat.com/errata/RHSA-2024:1278
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1367
- https://access.redhat.com/errata/RHSA-2024:1368
- https://access.redhat.com/errata/RHSA-2024:1377
- https://access.redhat.com/errata/RHSA-2024:1382
- https://access.redhat.com/errata/RHSA-2024:1404
- https://launchpad.net/bugs/cve/CVE-2024-0646
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258817
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2259000
- https://access.redhat.com/errata/RHSA-2024:2094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646
- https://nvd.nist.gov/vuln/detail/CVE-2024-0646
- https://security-tracker.debian.org/tracker/CVE-2024-0646
- https://ubuntu.com/security/CVE-2024-0646
- https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
- https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd
- https://www.ibm.com/support/pages/node/7172423 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2024-0646?
CVE-2024-0646 is classified as a significant vulnerability in the Linux Kernel affecting ktls sockets.
What systems are affected by CVE-2024-0646?
CVE-2024-0646 affects various versions of the Linux Kernel, Red Hat Enterprise Linux, and specific IBM products.
How do I fix CVE-2024-0646?
To fix CVE-2024-0646, update your Linux Kernel to versions 6.7 or apply patches to vulnerable systems.
What is the impact of CVE-2024-0646?
CVE-2024-0646 may lead to improper access control on ktls sockets, potentially allowing unauthorized access to memory.
When was CVE-2024-0646 discovered?
CVE-2024-0646 was publicly disclosed in 2024.
- agent/type
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- agent/author
- collector/chrome-releases
- agent/title
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-0646
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- agent/trending
- agent/source
- collector/ibm-support
- source/IBM
- agent/references
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/ibm
- canonical/ibm security verify governance, identity manager software component
- version/ibm security verify governance, identity manager software component/isvg 10.0.2
- canonical/ibm security verify governance, identity manager virtual appliance component
- version/ibm security verify governance, identity manager virtual appliance component/isvg 10.0.2
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7-rc1
- version/linux kernel/6.7-rc2
- version/linux kernel/6.7-rc3
- version/linux kernel/6.7-rc4
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.0
- version/red hat enterprise linux/9.0
- package-manager/debian