Cyber Resilience

CVE-2024-12085

High · Public PoC

Published: 14 January 2025

Modified: 14 April 2026
KEV Added
Patch
CVSS v3.1 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.1902 (95.5th percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-12085 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in Red Hat Enterprise Linux Server for Power Little Endian Update Services for SAP Solutions. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping (T1003). The CVE is ranked in the top 4.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A flaw in rsync allows an attacker to manipulate the checksum length value (s2length) during file checksum comparisons. This triggers a comparison against uninitialized memory and leaks one byte of stack data at a time. The issue is tracked as CVE-2024-12085, carries a CVSS score of 7.5, and is classified under CWE-908 (Use of Uninitialized Resource). It affects the rsync utility when processing remote or untrusted file transfers that involve checksum verification.

An unauthenticated network attacker can exploit the vulnerability by sending crafted checksum data, achieving incremental disclosure of uninitialized stack contents without requiring user interaction or elevated privileges. The impact is limited to confidentiality, but repeated requests can accumulate sensitive memory fragments over time.
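The comparison pattern described above, next to a bounded version, as an added C example that is not rsync's source and not part of the original page. `toy_digest`, `MAX_DIGEST_LEN` and both function names are hypothetical; only `s2length` is taken from the advisory text.

```c
#include <stddef.h>
#include <string.h>

#define MAX_DIGEST_LEN 16   /* assumed size of the local checksum buffer */

/* Hypothetical stand-in for the real block checksum: writes exactly
 * digest_len bytes into out and nothing beyond them. */
static void toy_digest(const unsigned char *data, size_t n,
                       unsigned char *out, size_t digest_len)
{
    for (size_t i = 0; i < digest_len; i++) {
        unsigned char acc = (unsigned char)(0x5a + i);
        for (size_t j = 0; j < n; j++)
            acc = (unsigned char)(acc * 31 + data[j] + i);
        out[i] = acc;
    }
}

/* Unsafe pattern (CWE-908): only digest_len bytes of sum are written, but the
 * comparison length comes from the peer. When s2length > digest_len, memcmp()
 * reads stack bytes that were never initialised, so the match/no-match result
 * depends on leftover stack contents. Shown for contrast only. */
int sum_matches_unchecked(const unsigned char *block, size_t n, size_t digest_len,
                          const unsigned char *peer_sum, size_t s2length)
{
    unsigned char sum[MAX_DIGEST_LEN];
    toy_digest(block, n, sum, digest_len);
    return memcmp(sum, peer_sum, s2length) == 0;
}

/* Hardened form: bound the peer-supplied length by the number of bytes the
 * digest really produced, and zero the buffer so no stale data is compared.
 * Returns 1 on match, 0 on mismatch, -1 if the lengths are rejected. */
int sum_matches_checked(const unsigned char *block, size_t n, size_t digest_len,
                        const unsigned char *peer_sum, size_t s2length)
{
    unsigned char sum[MAX_DIGEST_LEN] = {0};
    if (digest_len == 0 || digest_len > MAX_DIGEST_LEN)
        return -1;
    if (s2length == 0 || s2length > digest_len)
        return -1;
    toy_digest(block, n, sum, digest_len);
    return memcmp(sum, peer_sum, s2length) == 0;
}
```

The length check and the zero-initialised buffer correspond to the input-validation and memory-protection controls the page lists; either one alone removes the dependence on stale stack bytes in this sketch.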

Red Hat has published multiple errata (RHSA-2025:0324, RHSA-2025:0325, RHSA-2025:0637, RHSA-2025:0688, and RHBA-2025:6470) that deliver patched rsync packages; administrators should apply the updates through standard update channels to eliminate the flaw.

The associated EPSS score currently stands at 0.1902 with a recorded peak of 0.2148, indicating moderate and relatively stable exploitation interest since disclosure.

EU & UK References

Vulnerability details

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1003 OS Credential Dumping (Credential Access)
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.
Why these techniques?

The vulnerability in rsync enables an attacker to remotely leak uninitialized stack memory one byte at a time by manipulating the checksum length (s2length) during file checksum comparisons, facilitating OS Credential Dumping (T1003) from the rsync process memory.

CVEs Like This One

CVE-2024-12087 · Same product: Almalinux Almalinux
CVE-2024-12088 · Same product: Almalinux Almalinux
CVE-2024-12084 · Same product: Almalinux Almalinux
CVE-2024-57905 · Shared CWE-908
CVE-2024-13164 · Shared CWE-908
CVE-2024-57910 · Shared CWE-908
CVE-2024-57908 · Shared CWE-908
CVE-2024-57906 · Shared CWE-908
CVE-2026-4716 · Shared CWE-908
CVE-2024-57912 · Shared CWE-908

Affected Assets

samba / rsync: ≤ 3.3.0
redhat / openshift: 5.0
redhat / openshift container platform: 4.12, 4.13, 4.14, 4.15, 4.16
redhat / enterprise linux: 8.0, 9.0
redhat / enterprise linux eus: 8.8, 9.2, 9.4, 9.6
redhat / enterprise linux for arm 64: 8.0_aarch64, 9.0_aarch64, 9.2_aarch64
redhat / enterprise linux for arm 64 eus: 8.8_aarch64, 9.4_aarch64, 9.6_aarch64
redhat / enterprise linux for ibm z systems: 8.0_s390x, 9.0_s390x, 9.2_s390x
redhat / enterprise linux for ibm z systems eus: 8.8_s390x, 9.4_s390x, 9.6_s390x
redhat / enterprise linux for power little endian: 8.0_ppc64le, 8.8_ppc64le, 9.0_ppc64le, 9.2_ppc64le
+12 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the uninitialized memory flaw in rsync checksum comparisons by applying vendor patches such as Red Hat errata.

Prevent: Implements memory protection mechanisms to prevent unauthorized disclosure of uninitialized stack data during checksum operations.

Prevent: Validates manipulated inputs like the s2length parameter to block crafted rsync traffic that triggers uninitialized memory comparisons.

References