CVE-2024-12085
Published: 14 January 2025
Summary
CVE-2024-12085 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping (T1003); ranked in the top 4.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A flaw in rsync allows an attacker to manipulate the checksum length value (s2length) during file checksum comparisons. This triggers a comparison against uninitialized memory and leaks one byte of stack data at a time. The issue is tracked as CVE-2024-12085, carries a CVSS score of 7.5, and is classified under CWE-908 (Use of Uninitialized Resource). It affects the rsync utility when processing remote or untrusted file transfers that involve checksum verification.
An unauthenticated network attacker can exploit the vulnerability by sending crafted checksum data, achieving incremental disclosure of uninitialized stack contents without requiring user interaction or elevated privileges. The impact is limited to confidentiality, but repeated requests can accumulate sensitive memory fragments over time.
Red Hat has published multiple errata (RHSA-2025:0324, RHSA-2025:0325, RHSA-2025:0637, RHSA-2025:0688, and RHBA-2025:6470) that deliver patched rsync packages; administrators should apply the updates through standard update channels to eliminate the flaw.
The associated EPSS score currently stands at 0.1902 with a recorded peak of 0.2148, indicating moderate and relatively stable exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50581
Vulnerability details
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte…
more
of uninitialized stack data at a time.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in rsync enables an attacker to remotely leak uninitialized stack memory one byte at a time by manipulating the checksum length (s2length) during file checksum comparisons, facilitating OS Credential Dumping (T1003) from the rsync process memory.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the uninitialized memory flaw in rsync checksum comparisons by applying vendor patches such as Red Hat errata.
Implements memory protection mechanisms to prevent unauthorized disclosure of uninitialized stack data during checksum operations.
Validates manipulated inputs like the s2length parameter to block crafted rsync traffic that triggers uninitialized memory comparisons.