CVE-2024-43845

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c", "name": "https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4", "name": "https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b", "name": "https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b", "tags": ["Patch"], "refsource": ""}, {"url": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab", "name": "https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab", "tags": ["Patch"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Fix bogus checksum computation in udf_rename()\n\nSyzbot reports uninitialized memory access in udf_rename() when updating\nchecksum of '..' directory entry of a moved directory. This is indeed\ntrue as we pass on-stack diriter.fi to the udf_update_tag() and because\nthat has only struct fileIdentDesc included in it and not the impUse or\nname fields, the checksumming function is going to checksum random stack\ncontents beyond the end of the structure. This is actually harmless\nbecause the following udf_fiiter_write_fi() will recompute the checksum\nfrom on-disk buffers where everything is properly included. So all that\nis needed is just removing the bogus calculation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-908"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-43845", "ASSIGNER": "cve@kernel.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}}, "publishedDate": "2024-08-17T10:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "6.6.44", "versionStartIncluding": "6.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-19T13:15Z"}