Metrics
Affected Vendors & Products
Fri, 25 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linux
Linux linux Kernel |
|
Weaknesses | CWE-908 | |
CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linux
Linux linux Kernel |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
Tue, 22 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 19 Sep 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 | |
Metrics |
cvssV3_1
|
cvssV3_1
|
Wed, 11 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 19 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Sat, 17 Aug 2024 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation. | |
Title | udf: Fix bogus checksum computation in udf_rename() | |
References |
|
Status: PUBLISHED
Assigner: Linux
Published: 2024-08-17T09:21:59.735Z
Updated: 2024-12-19T09:17:01.682Z
Reserved: 2024-08-17T09:11:59.275Z
Link: CVE-2024-43845
Updated: 2024-09-11T12:42:23.012Z
Status : Analyzed
Published: 2024-08-17T10:15:09.837
Modified: 2024-10-25T19:51:07.187
Link: CVE-2024-43845