ktls

About this tag
The ktls tag on WindowsForum.com covers kernel TLS (kTLS) technology, a feature that offloads TLS encryption and decryption to the kernel for improved performance. Content under this tag focuses on security vulnerabilities in the Linux kernel's kTLS implementation, such as CVE-2024-0646, which involves an out-of-bounds write in the kTLS splice path that can lead to system crashes or local privilege escalation. Discussions highlight the risks at the intersection of fast I/O operations and kernel-side TLS offload, and cover how vendors and vulnerability databases track these issues. While primarily Linux-focused, the tag may be relevant to Windows users interested in kernel-level security and TLS offloading concepts.
  1. CVE-2024-0646: Kernel OOB write in kTLS splice path risks crash

    A critical Linux-kernel flaw tracked as CVE-2024-0646 allows the kernel’s kTLS path to write past intended memory bounds when a user calls splice() with a kTLS socket as the destination, producing out‑of‑bounds writes that can crash the system or — in the worst case — be weaponized for local...