How severe is CVE-2024-43873?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-43873?

This is classified as CWE-909, which is a common weakness in software security.

CVE-2024-43873 - HIGH Severity | CVSS 7.8

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this). To fix: - initialize seqpacket_allow after allocation - set it unconditionally in set_features

Related Vulnerabilities

CVE-2005-1036

HIGH

CVSS:7.8(High)

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to caus...

CWE-9092005

CVE-2022-29968

HIGH

CVSS:7.8(High)

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

CWE-9092022

CVE-2018-10811

HIGH

CVSS:7.5(High)

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

CWE-9092018

CVE-2018-21247

HIGH

CVSS:7.5(High)

An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.

CWE-9092018

CVE-2019-12408

HIGH

CVSS:7.5(High)

It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null va...

CWE-9092019

CVE-2019-12410

HIGH

CVSS:7.5(High)

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data ...

CWE-9092019