CVE-2024-46844

Description

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line().

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-824 CWE-824

Affected Products

Vendor	Product	Versions
linux	linux_kernel	< 4.19.322
linux	linux_kernel	4.20 — 5.4.284
linux	linux_kernel	5.5 — 5.10.226
linux	linux_kernel	5.11 — 5.15.167
linux	linux_kernel	5.16 — 6.1.110
linux	linux_kernel	6.2 — 6.6.51
linux	linux_kernel	6.7 — 6.10.10

References

Advisories & Patches

https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5 https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6 https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84 https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874 https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2

Other References

https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Frequently Asked Questions

What is CVE-2024-46844? +

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). It has a CVSS v3.1 base score of 7.8 (HIGH).

How severe is CVE-2024-46844? +

CVE-2024-46844 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-46844? +

CVE-2024-46844 affects products from linux, specifically: linux_kernel. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-46844? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-14739

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack …

CVE-2025-66588 9.8

In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which …

CVE-2025-32451 8.8

A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted …

CVE-2023-43531 8.4

Memory corruption while verifying the serialized header when the key pairs are generated.

CVE-2025-54207 7.8

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in …

CVE-2024-47411 7.8

Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary …