CVE-2024-12085
Published: 14 January 2025
Summary
CVE-2024-12085 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in rsync; the affected product tracked on this page is Red Hat Enterprise Linux Server for Power Little Endian Update Services for SAP Solutions, one of the Red Hat products that ship the vulnerable rsync. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Credential Dumping (T1003). It is ranked in the top 4.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): directly remediates the uninitialized memory read in rsync checksum comparisons by applying vendor patches such as the Red Hat errata listed below. This is the only control that removes the flaw.
SI-16 (Memory Protection): memory protection mechanisms limit what an uninitialized-read bug can expose, but they do not stop this particular leak, because the bytes are read from the rsync process's own stack by a legitimate comparison; treat SI-16 as defense in depth, not as a substitute for the patch.
Input validation: the fixed rsync must ensure the comparison never reaches beyond the checksum bytes that were actually computed, by bounding the peer-supplied checksum length (s2length) or otherwise preventing stale buffer contents from being compared. Because s2length travels inside the rsync protocol, this check has to live in rsync itself; crafted transfers cannot be reliably filtered at a network perimeter.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in rsync enables an attacker to remotely leak uninitialized stack memory one byte at a time by manipulating the checksum length (s2length) during file checksum comparisons. The leaked bytes are whatever the rsync process's stack held at that point, so the mapping to OS Credential Dumping (T1003) assumes that credential material or other secrets handled by the rsync process are present in that memory; what can actually be recovered depends on the deployment.
NVD Description
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Deeper analysis
CVE-2024-12085 is a vulnerability in rsync that arises during file checksum comparisons. The flaw enables an attacker to manipulate the checksum length parameter (s2length), causing rsync to compare a provided checksum against uninitialized memory. This results in the disclosure of one byte of uninitialized stack data per operation. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-908 (Use of Uninitialized Resource). It was published on 2025-01-14.
A remote, unauthenticated attacker can exploit this vulnerability with low attack complexity and no user interaction, provided it can take part in an rsync transfer with the target, for example as an anonymous client of an exposed rsync daemon. By sending crafted rsync traffic that triggers checksum comparisons with an oversized checksum length, the attacker can iteratively leak uninitialized stack bytes, enabling gradual information disclosure from the target's memory.
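The following toy reproduces the comparison-length mistake described above. It is an added illustration and not rsync's own code: a simulated sender holds a MAX_DIGEST_LEN-byte checksum buffer of which only REAL_SUM_LEN bytes were actually computed, and the remainder stands in for stale stack contents (planted as a known byte here so the run is deterministic). The vulnerable match trusts the peer's s2length, so the attacker, who can compute the real digest of data it already knows, asks for one byte more than that and uses the match/no-match answer as an oracle, recovering the stale byte in at most 256 guesses. The hardened match rejects any s2length beyond the computed length. All names, buffer sizes and the toy digest are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes are assumptions for this toy, not rsync's real constants. */
#define MAX_DIGEST_LEN 32   /* size of the on-stack checksum buffer */
#define REAL_SUM_LEN   16   /* bytes of it actually filled by the digest */

typedef struct {
    uint8_t sum[MAX_DIGEST_LEN];   /* sender-side checksum buffer */
} sender_state;

/* Fill the buffer the way a sender would after computing a block checksum:
 * only REAL_SUM_LEN bytes are written. The bytes past that would be whatever
 * the stack held before; a known 'stale' byte is planted there so the
 * demonstration is deterministic (constructed data, not real stack contents). */
void sender_compute_sum(sender_state *s, uint8_t stale_byte)
{
    memset(s->sum, stale_byte, MAX_DIGEST_LEN);     /* stand-in for stale stack data */
    for (size_t i = 0; i < REAL_SUM_LEN; i++)
        s->sum[i] = (uint8_t)(0xA0 + i);            /* toy digest of a known block */
}

/* Vulnerable pattern (CWE-908): the peer-supplied s2length is trusted, so a
 * value larger than REAL_SUM_LEN makes memcmp read past the computed digest. */
int match_vulnerable(const sender_state *s, const uint8_t *peer_sum, size_t s2length)
{
    if (s2length > MAX_DIGEST_LEN) return -1;  /* only the buffer bound is checked */
    return memcmp(s->sum, peer_sum, s2length) == 0;
}

/* Hardened pattern: refuse any length longer than the digest that was computed,
 * treating it as a protocol error (-1) rather than as a mismatch. */
int match_hardened(const sender_state *s, const uint8_t *peer_sum, size_t s2length)
{
    if (s2length > REAL_SUM_LEN) return -1;
    return memcmp(s->sum, peer_sum, s2length) == 0;
}

typedef int (*match_fn)(const sender_state *, const uint8_t *, size_t);

/* Attacker side. It already knows the first known_len digest bytes (it can
 * checksum data it supplied itself), sends s2length = known_len + 1 and
 * brute-forces the extra byte; the sender's match/no-match answer (in rsync,
 * whether a block is referenced as matched or sent literally) is the oracle.
 * Returns the recovered byte, -1 if the sender rejected the length, -2 if no
 * guess matched. */
int leak_next_byte(const sender_state *s, match_fn match,
                   const uint8_t *known, size_t known_len)
{
    uint8_t guess[MAX_DIGEST_LEN] = {0};
    if (known_len + 1 > MAX_DIGEST_LEN) return -2;
    memcpy(guess, known, known_len);
    for (int b = 0; b < 256; b++) {
        guess[known_len] = (uint8_t)b;
        int r = match(s, guess, known_len + 1);
        if (r < 0) return -1;          /* hardened sender aborted the comparison */
        if (r == 1) return b;          /* oracle confirmed the stale byte */
    }
    return -2;
}

/* Runs the attacker against a sender whose buffer holds stale_byte past the
 * digest, using the given match routine. */
int run_attack(uint8_t stale_byte, match_fn match)
{
    sender_state s;
    uint8_t known[REAL_SUM_LEN];
    sender_compute_sum(&s, stale_byte);
    memcpy(known, s.sum, REAL_SUM_LEN);           /* attacker recomputes the real digest */
    return leak_next_byte(&s, match, known, REAL_SUM_LEN);
}

int main(void)
{
    int leaked  = run_attack(0x5A, match_vulnerable);
    int blocked = run_attack(0x5A, match_hardened);
    printf("vulnerable sender: recovered stale byte 0x%02x (planted 0x5A)\n", leaked);
    printf("hardened sender: result %d (-1 = oversized s2length rejected)\n", blocked);
    return (leaked == 0x5A && blocked == -1) ? 0 : 1;
}
```

Repeating the loop with known_len advanced by one each time walks further into the stale region, which is the "one byte at a time" disclosure the NVD text describes. The hardened variant returns a distinct error rather than a plain mismatch so that the transfer can be aborted and logged instead of silently continuing.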
Red Hat has issued multiple errata addressing this flaw, including RHBA-2025:6470, RHSA-2025:0324, RHSA-2025:0325, RHSA-2025:0637, and RHSA-2025:0688. Security practitioners running affected rsync versions on Red Hat systems should apply these updates for mitigation.
Details
- CWE(s)