How severe is CVE-2024-43845?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2024-43845?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2024-43845 - LOW Severity | CVSS 3.3

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.

Related Vulnerabilities

CVE-2019-20623

LOW

CVSS:3.3(Low)

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).

CWE-9082019

CVE-2020-29371

LOW

CVSS:3.3(Low)

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

CWE-9082020

CVE-2021-29623

LOW

CVSS:3.3(Low)

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earli...

CWE-9082021

CVE-2021-3435

LOW

CVSS:3.3(Low)

Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisorie...

CWE-9082021

CVE-2021-35000

LOW

CVSS:3.3(Low)

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ope...

CWE-9082021

CVE-2021-36282

LOW

CVSS:3.3(Low)

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN...

CWE-9082021