Linux Kernel Flaw (CVE-2024-0646) Exposes Systems to Privilege Escalation
A flaw (CVE-2024-0646, CVSS 7.8) discovered in the Linux Kernel Transport Layer Security (kTLS) could have been exploited by local users to gain elevated system privileges or disrupt system operations. Fortunately, patches for this vulnerability are now available.
kTLS brings fundamental TLS encryption and authentication functions directly into the Linux kernel. This streamlines secure communication for essential internet protocols like HTTPS (secure web browsing), email, and other internet-connected applications.
The root cause is improper memory handling when splice() is used to feed data into a kTLS socket. The kTLS code fails to update the internal accounting (curr/copybreak) of the plaintext scatter-gather buffer (struct sk_msg_sg), which results in an out-of-bounds memory write. Because of this accounting lapse, subsequent writes to the socket can overwrite the contents of the spliced pages, including pages backed by files that the caller should not be able to write to. An attacker could leverage this to cause code to execute with privileges it should not have.
Threat Implications
- Privilege Escalation: Local users with basic system access could use this flaw to escalate to root (administrative) privileges on a vulnerable system.
- Data Exposure: In some scenarios, a compromised system could inadvertently reveal sensitive data from protected memory.
- System Disruption: Attackers might use the flaw to trigger a kernel crash, resulting in a denial of service.
Linux system administrators should update immediately to kernel version 6.7-rc5 or later, which includes the fix for CVE-2024-0646. For distributions that are slower to ship new kernels, check your vendor’s security advisories for backported patches, since distribution kernels often carry the fix without changing the version number.
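The following POSIX shell script is an added example and is not part of the advisory. It turns the "6.7-rc5 or later" guidance into a repeatable local check: a function that classifies a kernel release string against that threshold, plus a report on whether the kTLS module is currently loaded. It assumes (these are assumptions, not facts from the advisory) that release strings follow the usual `uname -r` shapes such as `6.7.0-rc5`, `6.7.1` or `6.6.9-100.fc39.x86_64`, and that kTLS is provided by the `tls` kernel module, which exposes counters in `/proc/net/tls_stat` once loaded.

```shell
#!/bin/sh
# Added example, not the advisory's own tooling. Assumptions: release strings
# look like "6.7.0-rc5", "6.7.1" or "6.6.9-100.fc39.x86_64"; kTLS is the "tls"
# module, which creates /proc/net/tls_stat when loaded.

# Print "yes" (and return 0) if the mainline version in $1 is 6.7-rc5 or later,
# otherwise print "no" (and return 1). Distribution kernels backport fixes
# without bumping the version, so "no" means "consult the vendor advisory",
# not "confirmed vulnerable".
mainline_fixed_for_cve_2024_0646() {
    ver="$1"
    base="${ver%%-*}"                 # "6.7.0" from "6.7.0-rc5"
    suffix=""
    case "$ver" in
        *-*) suffix="${ver#*-}" ;;    # "rc5", "rc5-arch1", "100.fc39.x86_64", ...
    esac
    major="${base%%.*}"
    major="${major%%[!0-9]*}"         # keep only the leading digits
    minor=0
    case "$base" in
        *.*) minor="${base#*.}"; minor="${minor%%.*}"; minor="${minor%%[!0-9]*}" ;;
    esac
    rc=0                              # 0 means a final (non-rc) release
    case "$suffix" in
        rc[0-9]*) rc="${suffix#rc}"; rc="${rc%%[!0-9]*}" ;;
    esac
    : "${major:=0}" "${minor:=0}" "${rc:=0}"   # defaults for odd inputs

    if [ "$major" -gt 6 ]; then echo yes; return 0; fi
    if [ "$major" -lt 6 ]; then echo no;  return 1; fi
    if [ "$minor" -gt 7 ]; then echo yes; return 0; fi
    if [ "$minor" -lt 7 ]; then echo no;  return 1; fi
    # Exactly 6.7: fixed if it is a final release or rc5 or later.
    if [ "$rc" -eq 0 ] || [ "$rc" -ge 5 ]; then echo yes; return 0; fi
    echo no
    return 1
}

# Print "yes" if the kTLS ("tls") module is currently loaded, else "no".
# Reads only module state, never socket contents.
ktls_loaded() {
    if [ -r /proc/net/tls_stat ]; then echo yes; return 0; fi
    if command -v lsmod >/dev/null 2>&1 && lsmod | grep -q '^tls '; then
        echo yes; return 0
    fi
    echo no
    return 1
}

# Stand-alone report for the running kernel.
running="$(uname -r)"
if mainline_fixed_for_cve_2024_0646 "$running" >/dev/null; then
    echo "kernel $running: at or after 6.7-rc5 (mainline fix present)"
else
    echo "kernel $running: before 6.7-rc5; check your vendor's advisory for a backport"
fi
if ktls_loaded >/dev/null; then
    echo "kTLS (tls module) is loaded"
else
    echo "kTLS (tls module) is not loaded right now"
fi
```

Two caveats when reading the output. A "before 6.7-rc5" verdict on a distribution kernel is a prompt to read the vendor advisory, not a finding, because backports keep the old version string. And "not loaded" is only a snapshot: the kernel can autoload the `tls` module on demand when a process enables the TLS ULP on a socket, so the module's absence at one moment does not by itself mean the code path is unreachable.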