CVE-2024-43845

{"id": "CVE-2024-43845", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2024-08-17T10:15:09.837", "references": [{"url": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: corrige el c\u00e1lculo falso de la suma de comprobaci\u00f3n en udf_rename() Syzbot informa acceso a memoria no inicializada en udf_rename() al actualizar la suma de comprobaci\u00f3n de la entrada del directorio '..' de un directorio movido. De hecho, esto es cierto cuando pasamos diriter.fi en la pila a udf_update_tag() y debido a que solo tiene la estructura fileIdentDesc incluida y no los campos impUse o nombre, la funci\u00f3n de suma de verificaci\u00f3n sumar\u00e1 los contenidos aleatorios de la pila m\u00e1s all\u00e1 del final de la estructura. En realidad, esto es inofensivo porque el siguiente udf_fiiter_write_fi() volver\u00e1 a calcular la suma de comprobaci\u00f3n de los b\u00faferes en el disco donde todo est\u00e1 incluido correctamente. As\u00ed que todo lo que se necesita es simplemente eliminar el c\u00e1lculo falso."}], "lastModified": "2024-10-25T19:51:07.187", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E752D2D6-EE15-4491-857A-AA8D6AE62EDF", "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92D388F2-1EAF-4CFA-AC06-5B26D762EA7D", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}