{"id":"CVE-2024-0646","details":"An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.","modified":"2026-03-13T07:51:02.889010Z","published":"2024-01-17T16:15:47.190Z","related":["ALSA-2024:0897","USN-6652-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1268"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1278"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1367"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1382"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:2094"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1253"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2024-0646"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0723"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0724"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0851"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1248"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1251"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1269"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1306"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1377"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0725"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0897"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1250"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1368"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:1404"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0850"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0876"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:0881"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253908"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-0646.json","unresolved_ranges":[{"events":[{"introduced":"4.20"},{"fixed":"5.4.267"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.208"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.147"}]},{"events":[{"introduced":"5.16"},{"fixed":"6.1.69"}]},{"events":[{"introduced":"6.2"},{"fixed":"6.6.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"6.7-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}