CVE-2024-43845 in Linux
Summary
by MITRE • 08/17/2024
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix bogus checksum computation in udf_rename()
Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation.
Analysis
by VulDB Data Team • 02/02/2026
The vulnerability identified as CVE-2024-43845 resides within the Linux kernel's Universal Disk Format (UDF) subsystem, specifically affecting the udf_rename() function. This issue represents a classic case of improper memory access patterns that could potentially lead to system instability or information disclosure. The problem manifests when the kernel attempts to update checksums during directory renaming operations, particularly when moving directories within UDF filesystems. The vulnerability was discovered through automated fuzzing conducted by syzbot, which identified uninitialized memory access patterns that could compromise system integrity.
The technical root cause stems from how the udf_rename() function handles checksum computations for directory entries. When processing directory moves, the function passes a stack-based structure named diriter.fi to the udf_update_tag() function. However, this structure only includes the struct fileIdentDesc component while omitting the impUse and name fields that are essential for proper checksum calculation. This omission causes the checksumming algorithm to process uninitialized stack memory beyond the intended structure boundaries, creating a situation where random memory contents become part of the checksum calculation. This flaw aligns with CWE-457: Use of Uninitialized Variable, where uninitialized memory is used in a context that requires initialized data.
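Added example, not kernel code and not part of the original entry: a simplified C model of the root cause described above, in which a length stored in the fixed header covers trailing bytes that a header-only stack copy does not contain. The struct layout, field names and function names are assumptions made for illustration; the bounded routine refuses to checksum when the header claims more bytes than the caller actually holds.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed, simplified layout; not the kernel's struct fileIdentDesc. */
struct fid_hdr {
    uint16_t crc;       /* covers crc_len bytes from imp_use_len onward */
    uint16_t crc_len;
    uint8_t  imp_use_len, name_len;  /* sizes of the trailing fields */
};
#define CRC_START offsetof(struct fid_hdr, imp_use_len)
/* CRC-16, polynomial 0x1021, initial value 0. */
static uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc << 1) ^ ((crc & 0x8000) ? 0x1021 : 0));
    }
    return crc;
}

/* 'avail' = valid bytes at 'buf'; returns -1 rather than read past them. */
int fid_update_crc(uint8_t *buf, size_t avail) {
    struct fid_hdr h;
    if (avail < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (h.crc_len > avail - CRC_START)
        return -1;      /* header claims more bytes than are present */
    h.crc = crc16(buf + CRC_START, h.crc_len);
    memcpy(buf, &h.crc, sizeof(h.crc));
    return 0;
}

/* Constructed sample entry: no impUse, name "dir". Returns its size. */
size_t build_entry(uint8_t *buf) {
    struct fid_hdr h = { 0, 0, 0, 3 };
    h.crc_len = (uint16_t)(sizeof(h) - CRC_START + h.imp_use_len + h.name_len);
    memcpy(buf, &h, sizeof(h));
    memcpy(buf + sizeof(h), "dir", h.name_len);
    return sizeof(h) + h.name_len;
}

/* Pattern from the advisory: only the fixed header is on the stack. */
int header_only_update(const uint8_t *entry) {
    struct fid_hdr on_stack;
    memcpy(&on_stack, entry, sizeof(on_stack));
    return fid_update_crc((uint8_t *)&on_stack, sizeof(on_stack));
}
```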
The operational impact of this vulnerability extends beyond simple checksum calculation errors, as it represents a potential pathway for information disclosure through uninitialized memory access patterns. While the kernel's subsequent udf_fiiter_write_fi() function does recompute the checksum using properly populated on-disk buffers, the initial bogus calculation creates a window where uninitialized memory could potentially leak sensitive information or cause unpredictable behavior. This vulnerability affects systems utilizing UDF filesystems, particularly those handling directory renaming operations, and could be exploited in scenarios where attackers might leverage the uninitialized memory access for information gathering or system compromise. The issue falls under the ATT&CK technique T1059.007: Command and Scripting Interpreter: Python, though more accurately represents a kernel-level memory corruption vulnerability that could be leveraged for privilege escalation or denial of service attacks.
The fix for CVE-2024-43845 is straightforward yet crucial, requiring the removal of the erroneous checksum calculation that processes uninitialized memory. This remediation ensures that checksums are only computed using properly initialized and valid data structures, eliminating the risk of uninitialized memory access patterns. The solution maintains the integrity of the filesystem operations while preserving the functional correctness of directory renaming within UDF filesystems. System administrators should prioritize applying this kernel patch across all systems running Linux kernels with UDF filesystem support, particularly those handling critical data operations or serving as file servers. The vulnerability demonstrates the importance of careful memory management in kernel code and highlights the need for thorough testing of filesystem operations that involve checksum calculations and memory access patterns.