CVE-2024-43845
Description
In the Linux kernel, the following vulnerability has been resolved:

udf: Fix bogus checksum computation in udf_rename()

Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.
POC
Reference
No PoCs from references.