Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-7CG4-MP48-CGGR

Vulnerability from github – Published: 2024-03-25 09:32 – Updated: 2025-03-13 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: zero-initialize tc skb extension on allocation

Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards. UBSAN log:

[ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28 [ 778.301495] load of value 107 is not a valid value for type '_Bool' [ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2 [ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 778.307901] Call Trace: [ 778.308680] [ 778.309358] dump_stack+0xbb/0x107 [ 778.310307] ubsan_epilogue+0x5/0x40 [ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48 [ 778.312454] ? memset+0x20/0x40 [ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch] [ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch] [ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch] [ 778.317188] ? create_prof_cpu_mask+0x20/0x20 [ 778.318220] ? arch_stack_walk+0x82/0xf0 [ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb [ 778.320399] ? stack_trace_save+0x91/0xc0 [ 778.321362] ? stack_trace_consume_entry+0x160/0x160 [ 778.322517] ? lock_release+0x52e/0x760 [ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch] [ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch] [ 778.325950] __netif_receive_skb_core+0x771/0x2db0 [ 778.327067] ? lock_downgrade+0x6e0/0x6f0 [ 778.328021] ? lock_acquire+0x565/0x720 [ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0 [ 778.329902] ? inet_gro_receive+0x2a7/0x10a0 [ 778.330914] ? lock_downgrade+0x6f0/0x6f0 [ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0 [ 778.332876] ? lock_release+0x52e/0x760 [ 778.333808] ? dev_gro_receive+0xcc8/0x2380 [ 778.334810] ? lock_downgrade+0x6f0/0x6f0 [ 778.335769] __netif_receive_skb_list_core+0x295/0x820 [ 778.336955] ? process_backlog+0x780/0x780 [ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core] [ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0 [ 778.341033] ? kvm_clock_get_cycles+0x14/0x20 [ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0 [ 778.343288] ? __kasan_kmalloc+0x7a/0x90 [ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core] [ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core] [ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820 [ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core] [ 778.349688] ? napi_gro_flush+0x26c/0x3c0 [ 778.350641] napi_complete_done+0x188/0x6b0 [ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core] [ 778.352853] __napi_poll+0x9f/0x510 [ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core] [ 778.355158] net_rx_action+0x34c/0xa40 [ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0 [ 778.357083] ? sched_clock_cpu+0x18/0x190 [ 778.358041] ? __common_interrupt+0x8e/0x1a0 [ 778.359045] __do_softirq+0x1ce/0x984 [ 778.359938] __irq_exit_rcu+0x137/0x1d0 [ 778.360865] irq_exit_rcu+0xa/0x20 [ 778.361708] common_interrupt+0x80/0xa0 [ 778.362640] [ 778.363212] asm_common_interrupt+0x1e/0x40 [ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10 [ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00 [ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246 [ 778.370570] RAX ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-47136"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T09:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: zero-initialize tc skb extension on allocation\n\nFunction skb_ext_add() doesn\u0027t initialize created skb extension with any\nvalue and leaves it up to the user. However, since extension of type\nTC_SKB_EXT originally contained only single value tc_skb_ext-\u003echain its\nusers used to just assign the chain value without setting whole extension\nmemory to zero first. This assumption changed when TC_SKB_EXT extension was\nextended with additional fields but not all users were updated to\ninitialize the new fields which leads to use of uninitialized memory\nafterwards. UBSAN log:\n\n[  778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28\n[  778.301495] load of value 107 is not a valid value for type \u0027_Bool\u0027\n[  778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2\n[  778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[  778.307901] Call Trace:\n[  778.308680]  \u003cIRQ\u003e\n[  778.309358]  dump_stack+0xbb/0x107\n[  778.310307]  ubsan_epilogue+0x5/0x40\n[  778.311167]  __ubsan_handle_load_invalid_value.cold+0x43/0x48\n[  778.312454]  ? memset+0x20/0x40\n[  778.313230]  ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]\n[  778.314532]  ovs_vport_receive+0x19e/0x2e0 [openvswitch]\n[  778.315749]  ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]\n[  778.317188]  ? create_prof_cpu_mask+0x20/0x20\n[  778.318220]  ? arch_stack_walk+0x82/0xf0\n[  778.319153]  ? secondary_startup_64_no_verify+0xb0/0xbb\n[  778.320399]  ? stack_trace_save+0x91/0xc0\n[  778.321362]  ? stack_trace_consume_entry+0x160/0x160\n[  778.322517]  ? lock_release+0x52e/0x760\n[  778.323444]  netdev_frame_hook+0x323/0x610 [openvswitch]\n[  778.324668]  ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]\n[  778.325950]  __netif_receive_skb_core+0x771/0x2db0\n[  778.327067]  ? lock_downgrade+0x6e0/0x6f0\n[  778.328021]  ? lock_acquire+0x565/0x720\n[  778.328940]  ? generic_xdp_tx+0x4f0/0x4f0\n[  778.329902]  ? inet_gro_receive+0x2a7/0x10a0\n[  778.330914]  ? lock_downgrade+0x6f0/0x6f0\n[  778.331867]  ? udp4_gro_receive+0x4c4/0x13e0\n[  778.332876]  ? lock_release+0x52e/0x760\n[  778.333808]  ? dev_gro_receive+0xcc8/0x2380\n[  778.334810]  ? lock_downgrade+0x6f0/0x6f0\n[  778.335769]  __netif_receive_skb_list_core+0x295/0x820\n[  778.336955]  ? process_backlog+0x780/0x780\n[  778.337941]  ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]\n[  778.339613]  ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0\n[  778.341033]  ? kvm_clock_get_cycles+0x14/0x20\n[  778.342072]  netif_receive_skb_list_internal+0x5f5/0xcb0\n[  778.343288]  ? __kasan_kmalloc+0x7a/0x90\n[  778.344234]  ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]\n[  778.345676]  ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]\n[  778.347140]  ? __netif_receive_skb_list_core+0x820/0x820\n[  778.348351]  ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]\n[  778.349688]  ? napi_gro_flush+0x26c/0x3c0\n[  778.350641]  napi_complete_done+0x188/0x6b0\n[  778.351627]  mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]\n[  778.352853]  __napi_poll+0x9f/0x510\n[  778.353704]  ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]\n[  778.355158]  net_rx_action+0x34c/0xa40\n[  778.356060]  ? napi_threaded_poll+0x3d0/0x3d0\n[  778.357083]  ? sched_clock_cpu+0x18/0x190\n[  778.358041]  ? __common_interrupt+0x8e/0x1a0\n[  778.359045]  __do_softirq+0x1ce/0x984\n[  778.359938]  __irq_exit_rcu+0x137/0x1d0\n[  778.360865]  irq_exit_rcu+0xa/0x20\n[  778.361708]  common_interrupt+0x80/0xa0\n[  778.362640]  \u003c/IRQ\u003e\n[  778.363212]  asm_common_interrupt+0x1e/0x40\n[  778.364204] RIP: 0010:native_safe_halt+0xe/0x10\n[  778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 \u003cc3\u003e 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00\n[  778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246\n[  778.370570] RAX\n---truncated---",
  "id": "GHSA-7cg4-mp48-cggr",
  "modified": "2025-03-13T21:31:01Z",
  "published": "2024-03-25T09:32:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47136"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/86ab133b695ed7ba1f8786b12f4ca43137ad8c18"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9453d45ecb6c2199d72e73c993e9d98677a2801b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ac493452e937b8939eaf2d24cac51a4804b6c20e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7FJF-MF75-27GG

Vulnerability from github – Published: 2024-04-09 18:30 – Updated: 2024-04-09 18:30
VLAI
Details

Windows Mobile Hotspot Information Disclosure Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26220"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-09T17:15:41Z",
    "severity": "MODERATE"
  },
  "details": "Windows Mobile Hotspot Information Disclosure Vulnerability",
  "id": "GHSA-7fjf-mf75-27gg",
  "modified": "2024-04-09T18:30:25Z",
  "published": "2024-04-09T18:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26220"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7G8R-PWGG-6M72

Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32
VLAI
Details

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-58546"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T18:18:42Z",
    "severity": "MODERATE"
  },
  "details": "Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.",
  "id": "GHSA-7g8r-pwgg-6m72",
  "modified": "2026-07-14T18:32:41Z",
  "published": "2026-07-14T18:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58546"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58546"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GP8-9GRP-C69X

Vulnerability from github – Published: 2026-04-21 15:32 – Updated: 2026-06-30 03:36
VLAI
Details

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6749"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-824",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-21T13:16:20Z",
    "severity": "HIGH"
  },
  "details": "Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10.",
  "id": "GHSA-7gp8-9grp-c69x",
  "modified": "2026-06-30T03:36:20Z",
  "published": "2026-04-21T15:32:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6749"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:10757"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19465"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19466"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19467"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19468"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19469"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19542"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19655"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19704"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6749"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2022610"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460096"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6749.json"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-30"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-31"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-32"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-33"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-34"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:10766"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:10767"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:12285"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:13537"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:15892"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17477"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17687"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17688"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17689"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:17690"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19041"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19131"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19201"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19348"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19461"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19462"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19463"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:19464"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7H9H-8XQC-JG2R

Vulnerability from github – Published: 2023-01-20 21:30 – Updated: 2023-01-28 06:30
VLAI
Details

Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-20T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.",
  "id": "GHSA-7h9h-8xqc-jg2r",
  "modified": "2023-01-28T06:30:29Z",
  "published": "2023-01-20T21:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47012"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GNS3/dynamips/issues/125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7HC7-VJJ6-4P36

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29631"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-30T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.",
  "id": "GHSA-7hc7-vjj6-4p36",
  "modified": "2022-05-24T19:12:28Z",
  "published": "2022-05-24T19:12:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29631"
    },
    {
      "type": "WEB",
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210923-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-7P8P-77RQ-JH4W

Vulnerability from github – Published: 2025-06-10 18:32 – Updated: 2025-06-10 18:32
VLAI
Details

Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-10T17:22:16Z",
    "severity": "MODERATE"
  },
  "details": "Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.",
  "id": "GHSA-7p8p-77rq-jh4w",
  "modified": "2025-06-10T18:32:28Z",
  "published": "2025-06-10T18:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33052"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33052"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QG8-X5G2-P265

Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix uninit-value in usb_read8() and friends

When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized.

BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vsprintf.c:1704 [inline] pointer+0x18e6/0x1f70 lib/vsprintf.c:2443 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615 __dev_printk+0x3be/0x440 drivers/base/core.c:4627 _dev_info+0x1ea/0x22f drivers/base/core.c:4673 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436 kthread+0x3c7/0x500 kernel/kthread.c:376 ret_from_fork+0x1f/0x30

Local variable data created at: usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29

KMSAN: uninit-value in r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49301"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:06Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in usb_read8() and friends\n\nWhen r8712_usbctrl_vendorreq() returns negative, \u0027data\u0027 in\nusb_read{8,16,32} will not be initialized.\n\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]\nBUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:643 [inline]\n string+0x4ec/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n va_format lib/vsprintf.c:1704 [inline]\n pointer+0x18e6/0x1f70 lib/vsprintf.c:2443\n vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604\n dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615\n __dev_printk+0x3be/0x440 drivers/base/core.c:4627\n _dev_info+0x1ea/0x22f drivers/base/core.c:4673\n r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5363 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]\n port_event drivers/usb/core/hub.c:5665 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289\n worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436\n kthread+0x3c7/0x500 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30\n\nLocal variable data created at:\n usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33\n r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8",
  "id": "GHSA-7qg8-x5g2-p265",
  "modified": "2025-04-14T21:32:21Z",
  "published": "2025-04-14T21:32:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49301"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QP3-GX4R-G85J

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write

Syzkaller reported the following issue:

===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline] BUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600 aio_rw_done fs/aio.c:1520 [inline] aio_write+0x899/0x950 fs/aio.c:1600 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019 __do_sys_io_submit fs/aio.c:2078 [inline] __se_sys_io_submit+0x293/0x770 fs/aio.c:2048 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Uninit was created at: slab_post_alloc_hook mm/slab.h:766 [inline] slab_alloc_node mm/slub.c:3452 [inline] __kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491 __do_kmalloc_node mm/slab_common.c:967 [inline] __kmalloc+0x11d/0x3b0 mm/slab_common.c:981 kmalloc_array include/linux/slab.h:636 [inline] bcm_tx_setup+0x80e/0x29d0 net/can/bcm.c:930 bcm_sendmsg+0x3a2/0xce0 net/can/bcm.c:1351 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline] sock_write_iter+0x495/0x5e0 net/socket.c:1108 call_write_iter include/linux/fs.h:2189 [inline] aio_write+0x63a/0x950 fs/aio.c:1600 io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019 __do_sys_io_submit fs/aio.c:2078 [inline] __se_sys_io_submit+0x293/0x770 fs/aio.c:2048 __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd

CPU: 1 PID: 5034 Comm: syz-executor350 Not tainted 6.2.0-rc6-syzkaller-80422-geda666ff2276 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023 =====================================================

We can follow the call chain and find that 'bcm_tx_setup' function calls 'memcpy_from_msg' to copy some content to the newly allocated frame of 'op->frames'. After that the 'len' field of copied structure being compared with some constant value (64 or 8). However, if 'memcpy_from_msg' returns an error, we will compare some uninitialized memory. This triggers 'uninit-value' issue.

This patch will add 'memcpy_from_msg' possible errors processing to avoid uninit-value issue.

Tested via syzkaller

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53344"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write\n\nSyzkaller reported the following issue:\n\n=====================================================\nBUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520 [inline]\nBUG: KMSAN: uninit-value in aio_write+0x899/0x950 fs/aio.c:1600\n aio_rw_done fs/aio.c:1520 [inline]\n aio_write+0x899/0x950 fs/aio.c:1600\n io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019\n __do_sys_io_submit fs/aio.c:2078 [inline]\n __se_sys_io_submit+0x293/0x770 fs/aio.c:2048\n __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:766 [inline]\n slab_alloc_node mm/slub.c:3452 [inline]\n __kmem_cache_alloc_node+0x71f/0xce0 mm/slub.c:3491\n __do_kmalloc_node mm/slab_common.c:967 [inline]\n __kmalloc+0x11d/0x3b0 mm/slab_common.c:981\n kmalloc_array include/linux/slab.h:636 [inline]\n bcm_tx_setup+0x80e/0x29d0 net/can/bcm.c:930\n bcm_sendmsg+0x3a2/0xce0 net/can/bcm.c:1351\n sock_sendmsg_nosec net/socket.c:714 [inline]\n sock_sendmsg net/socket.c:734 [inline]\n sock_write_iter+0x495/0x5e0 net/socket.c:1108\n call_write_iter include/linux/fs.h:2189 [inline]\n aio_write+0x63a/0x950 fs/aio.c:1600\n io_submit_one+0x1d1c/0x3bf0 fs/aio.c:2019\n __do_sys_io_submit fs/aio.c:2078 [inline]\n __se_sys_io_submit+0x293/0x770 fs/aio.c:2048\n __x64_sys_io_submit+0x92/0xd0 fs/aio.c:2048\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 1 PID: 5034 Comm: syz-executor350 Not tainted 6.2.0-rc6-syzkaller-80422-geda666ff2276 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023\n=====================================================\n\nWe can follow the call chain and find that \u0027bcm_tx_setup\u0027 function\ncalls \u0027memcpy_from_msg\u0027 to copy some content to the newly allocated\nframe of \u0027op-\u003eframes\u0027. After that the \u0027len\u0027 field of copied structure\nbeing compared with some constant value (64 or 8). However, if\n\u0027memcpy_from_msg\u0027 returns an error, we will compare some uninitialized\nmemory. This triggers \u0027uninit-value\u0027 issue.\n\nThis patch will add \u0027memcpy_from_msg\u0027 possible errors processing to\navoid uninit-value issue.\n\nTested via syzkaller",
  "id": "GHSA-7qp3-gx4r-g85j",
  "modified": "2025-12-11T15:30:29Z",
  "published": "2025-09-17T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53344"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2b4c99f7d9a57ecd644eda9b1fb0a1072414959f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e6ad51c709fa794e0ce26003c9c9cd944e3383a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3fa0f1e0e31b1b73cdf59d4c36c7242e6ef821be"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/618b15d09fed6126356101543451d49860db4388"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78bc7f0ab99458221224d3ab97199c0f8e6861f1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ab2a55907823f0bca56b6d03ea05e4071ba8535f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bf70e0eab64c625da84d9fdf4e84466b79418920"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c11dbc7705b3739974ac31a13f4ab81e61a5fb07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7QP5-4FVR-94MM

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/core: initialize damo_filter->list from damos_new_filter()

damos_new_filter() is not initializing the list field of newly allocated filter object. However, DAMON sysfs interface and DAMON_RECLAIM are not initializing it after calling damos_new_filter(). As a result, accessing uninitialized memory is possible. Actually, adding multiple DAMOS filters via DAMON sysfs interface caused NULL pointer dereferencing. Initialize the field just after the allocation from damos_new_filter().

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: initialize damo_filter-\u003elist from damos_new_filter()\n\ndamos_new_filter() is not initializing the list field of newly allocated\nfilter object.  However, DAMON sysfs interface and DAMON_RECLAIM are not\ninitializing it after calling damos_new_filter().  As a result, accessing\nuninitialized memory is possible.  Actually, adding multiple DAMOS filters\nvia DAMON sysfs interface caused NULL pointer dereferencing.  Initialize\nthe field just after the allocation from damos_new_filter().",
  "id": "GHSA-7qp5-4fvr-94mm",
  "modified": "2026-02-12T18:30:18Z",
  "published": "2025-10-04T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53555"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f1fc67f2cb8d3035d3acd273b48b97835af8afd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/da7beebb49c643cd03c54447ed66595936a7a1ce"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.