CVE-2024-0646: High Fixes for in Linux Kernel
First published: Sun Dec 10 2023(Updated: )
A flaw in the Linux Kernel found. When splice() is called with a ktls socket as destination, the ktls code fails to update the internal "curr"/"copybreak" accounting that tracks which parts of the plaintext scatter-gather buffer (`struct sk_msg_sg`) are unused writable memory. This can cause subsequent writes to the socket to overwrite the contents of spliced pages, including pages from files to which the caller is not supposed to have write access. Reference: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <6.7 | |
| Linux Linux kernel | =6.7-rc1 | |
| Linux Linux kernel | =6.7-rc2 | |
| Linux Linux kernel | =6.7-rc3 | |
| Linux Linux kernel | =6.7-rc4 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| ubuntu/linux | <5.4.0-172.190 | 5.4.0-172.190 |
| ubuntu/linux | <5.15.0-97.107 | 5.15.0-97.107 |
| ubuntu/linux | <6.5.0-21.21 | 6.5.0-21.21 |
| ubuntu/linux-aws | <5.4.0-1119.129 | 5.4.0-1119.129 |
| ubuntu/linux-aws | <5.15.0-1055.60 | 5.15.0-1055.60 |
| ubuntu/linux-aws | <6.5.0-1014.14 | 6.5.0-1014.14 |
| ubuntu/linux-aws-5.15 | <5.15.0-1055.60~20.04.1 | 5.15.0-1055.60~20.04.1 |
| ubuntu/linux-aws-5.4 | <5.4.0-1119.129~18.04.1 | 5.4.0-1119.129~18.04.1 |
| ubuntu/linux-azure | <5.4.0-1124.131 | 5.4.0-1124.131 |
| ubuntu/linux-azure | <5.15.0-1057.65 | 5.15.0-1057.65 |
| ubuntu/linux-azure | <6.5.0-1015.15 | 6.5.0-1015.15 |
| ubuntu/linux-azure-5.15 | <5.15.0-1057.65~20.04.1 | 5.15.0-1057.65~20.04.1 |
| ubuntu/linux-azure-5.4 | <5.4.0-1124.131~18.04.1 | 5.4.0-1124.131~18.04.1 |
| ubuntu/linux-azure-fde | <5.15.0-1057.65.1 | 5.15.0-1057.65.1 |
| ubuntu/linux-azure-fde-5.15 | <5.15.0-1057.65~20.04.1.1 | 5.15.0-1057.65~20.04.1.1 |
| ubuntu/linux-bluefield | <5.4.0-1079.85 | 5.4.0-1079.85 |
| ubuntu/linux-gcp | <5.4.0-1123.132 | 5.4.0-1123.132 |
| ubuntu/linux-gcp | <5.15.0-1052.60 | 5.15.0-1052.60 |
| ubuntu/linux-gcp | <6.5.0-1014.14 | 6.5.0-1014.14 |
| ubuntu/linux-gcp-5.15 | <5.15.0-1052.60~20.04.1 | 5.15.0-1052.60~20.04.1 |
| ubuntu/linux-gcp-5.4 | <5.4.0-1123.132~18.04.1 | 5.4.0-1123.132~18.04.1 |
| ubuntu/linux-gke | <5.15.0-1051.56 | 5.15.0-1051.56 |
| ubuntu/linux-gkeop | <5.4.0-1086.90 | 5.4.0-1086.90 |
| ubuntu/linux-gkeop | <5.15.0-1037.43 | 5.15.0-1037.43 |
| ubuntu/linux-gkeop-5.15 | <5.15.0-1037.43~20.04.1 | 5.15.0-1037.43~20.04.1 |
| ubuntu/linux-hwe-5.15 | <5.15.0-97.107~20.04.1 | 5.15.0-97.107~20.04.1 |
| ubuntu/linux-hwe-5.4 | <5.4.0-172.190~18.04.1 | 5.4.0-172.190~18.04.1 |
| ubuntu/linux-hwe-6.5 | <6.5.0-21.21~22.04.1 | 6.5.0-21.21~22.04.1 |
| ubuntu/linux-ibm | <5.4.0-1066.71 | 5.4.0-1066.71 |
| ubuntu/linux-ibm | <5.15.0-1047.50 | 5.15.0-1047.50 |
| ubuntu/linux-ibm-5.15 | <5.15.0-1047.50~20.04.1 | 5.15.0-1047.50~20.04.1 |
| ubuntu/linux-ibm-5.4 | <5.4.0-1066.71~18.04.1 | 5.4.0-1066.71~18.04.1 |
| ubuntu/linux-intel-iotg | <5.15.0-1049.55 | 5.15.0-1049.55 |
| ubuntu/linux-intel-iotg-5.15 | <5.15.0-1049.55~20.04.1 | 5.15.0-1049.55~20.04.1 |
| ubuntu/linux-iot | <5.4.0-1031.32 | 5.4.0-1031.32 |
| ubuntu/linux-kvm | <5.4.0-1107.114 | 5.4.0-1107.114 |
| ubuntu/linux-kvm | <5.15.0-1051.56 | 5.15.0-1051.56 |
| ubuntu/linux-laptop | <6.5.0-1010.13 | 6.5.0-1010.13 |
| ubuntu/linux-lowlatency | <5.15.0-97.107 | 5.15.0-97.107 |
| ubuntu/linux-lowlatency | <6.5.0-21.21.1 | 6.5.0-21.21.1 |
| ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-97.107~20.04.1 | 5.15.0-97.107~20.04.1 |
| ubuntu/linux-lowlatency-hwe-6.5 | <6.5.0-21.21.1~22.04.1 | 6.5.0-21.21.1~22.04.1 |
| ubuntu/linux-nvidia | <5.15.0-1045.45 | 5.15.0-1045.45 |
| ubuntu/linux-oem-6.1 | <6.1.0-1033.33 | 6.1.0-1033.33 |
| ubuntu/linux-oem-6.5 | <6.5.0-1015.16 | 6.5.0-1015.16 |
| ubuntu/linux-oracle | <5.4.0-1118.127 | 5.4.0-1118.127 |
| ubuntu/linux-oracle | <5.15.0-1052.58 | 5.15.0-1052.58 |
| ubuntu/linux-oracle | <6.5.0-1016.16 | 6.5.0-1016.16 |
| ubuntu/linux-oracle-5.15 | <5.15.0-1052.58~20.04.1 | 5.15.0-1052.58~20.04.1 |
| ubuntu/linux-oracle-5.4 | <5.4.0-1118.127~18.04.1 | 5.4.0-1118.127~18.04.1 |
| ubuntu/linux-raspi | <5.4.0-1103.115 | 5.4.0-1103.115 |
| ubuntu/linux-raspi | <5.15.0-1047.50 | 5.15.0-1047.50 |
| ubuntu/linux-raspi | <6.5.0-1011.14 | 6.5.0-1011.14 |
| ubuntu/linux-raspi-5.4 | <5.4.0-1103.115~18.04.1 | 5.4.0-1103.115~18.04.1 |
| ubuntu/linux-riscv | <6.5.0-21.21.1 | 6.5.0-21.21.1 |
| ubuntu/linux-riscv-5.15 | <5.15.0-1050.54~20.04.1 | 5.15.0-1050.54~20.04.1 |
| ubuntu/linux-riscv-6.5 | <6.5.0-21.21.1~22.04.1 | 6.5.0-21.21.1~22.04.1 |
| ubuntu/linux-starfive | <6.5.0-1008.9 | 6.5.0-1008.9 |
| ubuntu/linux-starfive-6.5 | <6.5.0-1008.9~22.04.1 | 6.5.0-1008.9~22.04.1 |
| ubuntu/linux-xilinx-zynqmp | <5.4.0-1038.42 | 5.4.0-1038.42 |
| redhat/kernel | <6.7 | 6.7 |
| debian/linux | <=5.10.205-2 | 4.19.249-2 4.19.304-1 5.10.209-2 6.1.76-1 6.1.85-1 6.6.15-2 6.7.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2024/03/long-term-support-channel-update-for.html (Advisory)
- https://access.redhat.com/errata/RHSA-2024:0723
- https://access.redhat.com/errata/RHSA-2024:0724
- https://access.redhat.com/errata/RHSA-2024:0725
- https://access.redhat.com/errata/RHSA-2024:0850
- https://access.redhat.com/errata/RHSA-2024:0851
- https://access.redhat.com/errata/RHSA-2024:0876
- https://access.redhat.com/errata/RHSA-2024:0881
- https://access.redhat.com/errata/RHSA-2024:0897
- https://access.redhat.com/errata/RHSA-2024:1248
- https://access.redhat.com/errata/RHSA-2024:1250
- https://access.redhat.com/errata/RHSA-2024:1251
- https://access.redhat.com/errata/RHSA-2024:1253
- https://access.redhat.com/errata/RHSA-2024:1268
- https://access.redhat.com/errata/RHSA-2024:1269
- https://access.redhat.com/errata/RHSA-2024:1278
- https://access.redhat.com/errata/RHSA-2024:1306
- https://access.redhat.com/errata/RHSA-2024:1367
- https://access.redhat.com/errata/RHSA-2024:1368
- https://access.redhat.com/errata/RHSA-2024:1377
- https://access.redhat.com/errata/RHSA-2024:1382
- https://access.redhat.com/security/cve/CVE-2024-0646
- https://bugzilla.redhat.com/show_bug.cgi?id=2253908
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267
- https://access.redhat.com/errata/RHSA-2024:1404
- https://exchange.xforce.ibmcloud.com/vulnerabilities/279830
- https://www.ibm.com/support/pages/node/7144861 (Advisory)
- https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd
- https://security-tracker.debian.org/tracker/CVE-2024-0646
- https://launchpad.net/bugs/cve/CVE-2024-0646
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258817
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2259000
- https://git.kernel.org/linus/c5a595000e2677e865a39f249c056bc05d6e55fd (6.7-rc5)
- https://lore.kernel.org/all/20231206232706.374377-2-john.fastabend@gmail.com/
- https://ubuntu.com/security/notices/USN-6639-1
- https://ubuntu.com/security/notices/USN-6648-1
- https://ubuntu.com/security/notices/USN-6651-1
- https://ubuntu.com/security/notices/USN-6652-1
- https://ubuntu.com/security/notices/USN-6653-1
- https://ubuntu.com/security/notices/USN-6648-2
- https://ubuntu.com/security/notices/USN-6651-2
- https://ubuntu.com/security/notices/USN-6653-2
- https://ubuntu.com/security/notices/USN-6651-3
- https://ubuntu.com/security/notices/USN-6653-3
- https://ubuntu.com/security/notices/USN-6653-4
- https://www.cve.org/CVERecord?id=CVE-2024-0646
- https://nvd.nist.gov/vuln/detail/CVE-2024-0646
- https://git.kernel.org/linus/d829e9c4112b52f4f00195900fd4c685f61365ab
- https://ubuntu.com/security/CVE-2024-0646
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- agent/type
- agent/first-publish-date
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/remedy
- agent/author
- collector/chrome-releases
- agent/title
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/references
- agent/severity
- agent/tags
- agent/description
- collector/nvd-cve
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-0646
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/6.7-rc1
- version/linux linux kernel/6.7-rc2
- version/linux linux kernel/6.7-rc3
- version/linux linux kernel/6.7-rc4
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/debian
- package-manager/redhat
- package-manager/ubuntu