DEBIAN-CVE-2024-43845

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-43845

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-43845.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-43845

Upstream

CVE-2024-43845

Published

2024-08-17T10:15:09Z

Modified

2025-09-25T22:40:34Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udfrename() Syzbot reports uninitialized memory access in udfrename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udfupdatetag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udffiiterwrite_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.

References

https://security-tracker.debian.org/tracker/CVE-2024-43845

Affected packages

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.10.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}