ghsa-pqp2-hjwx-f6qp
Vulnerability from github
Published
2024-08-17 12:30
Modified
2024-10-25 21:31
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details

In the Linux kernel, the following vulnerability has been resolved:

udf: Fix bogus checksum computation in udf_rename()

Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-43845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-17T10:15:09Z",
    "severity": "LOW"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of \u0027..\u0027 directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation.",
  "id": "GHSA-pqp2-hjwx-f6qp",
  "modified": "2024-10-25T21:31:26Z",
  "published": "2024-08-17T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43845"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.