CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-R79F-F2R8-HW82
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2021-21218"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-26T17:15:00Z",
"severity": "MODERATE"
},
"details": "Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.",
"id": "GHSA-r79f-f2r8-hw82",
"modified": "2022-05-24T17:48:52Z",
"published": "2022-05-24T17:48:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21218"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1166478"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4906"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-R7RJ-FP7W-X8R3
Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2022-34655"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-04T18:15:00Z",
"severity": "HIGH"
},
"details": "In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-r7rj-fp7w-x8r3",
"modified": "2022-08-11T00:00:19Z",
"published": "2022-08-05T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34655"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K93504311"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R83V-RMQ7-R5M4
Vulnerability from github – Published: 2025-03-04 15:31 – Updated: 2025-03-05 00:30When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136.
{
"affected": [],
"aliases": [
"CVE-2025-1942"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-04T14:15:39Z",
"severity": "MODERATE"
},
"details": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox \u003c 136.",
"id": "GHSA-r83v-rmq7-r5m4",
"modified": "2025-03-05T00:30:34Z",
"published": "2025-03-04T15:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1942"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-14"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2025-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R9CG-795W-R2QR
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix crash when mount with quota enabled
There is a reported crash when mounting ocfs2 with quota enabled.
RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2] Call Trace: ocfs2_local_read_info+0xb9/0x6f0 [ocfs2] dquot_load_quota_sb+0x216/0x470 dquot_load_quota_inode+0x85/0x100 ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2] ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2] mount_bdev+0x185/0x1b0 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 path_mount+0x465/0xac0 __x64_sys_mount+0x103/0x140
It is caused by when initializing dqi_gqlock, the corresponding dqi_type and dqi_sb are not properly initialized.
This issue is introduced by commit 6c85c2c72819, which wants to avoid accessing uninitialized variables in error cases. So make global quota info properly initialized.
{
"affected": [],
"aliases": [
"CVE-2022-49274"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix crash when mount with quota enabled\n\nThere is a reported crash when mounting ocfs2 with quota enabled.\n\n RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]\n Call Trace:\n ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]\n dquot_load_quota_sb+0x216/0x470\n dquot_load_quota_inode+0x85/0x100\n ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]\n ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]\n mount_bdev+0x185/0x1b0\n legacy_get_tree+0x27/0x40\n vfs_get_tree+0x25/0xb0\n path_mount+0x465/0xac0\n __x64_sys_mount+0x103/0x140\n\nIt is caused by when initializing dqi_gqlock, the corresponding dqi_type\nand dqi_sb are not properly initialized.\n\nThis issue is introduced by commit 6c85c2c72819, which wants to avoid\naccessing uninitialized variables in error cases. So make global quota\ninfo properly initialized.",
"id": "GHSA-r9cg-795w-r2qr",
"modified": "2025-09-22T21:30:16Z",
"published": "2025-09-22T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49274"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/01931e1c4e3de5d777253acae64c0e8fd071a1dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7c5312fdb1dcfdc1951b018669af88d5d6420b31"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/de19433423c7bedabbd4f9a25f7dbc62c5e78921"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eda31f77317647b9fbf889779ee1fb6907651865"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RF5F-Q4MX-QC4V
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
{
"affected": [],
"aliases": [
"CVE-2020-29371"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-28T07:15:00Z",
"severity": "LOW"
},
"details": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
"id": "GHSA-rf5f-q4mx-qc4v",
"modified": "2022-05-24T17:35:03Z",
"published": "2022-05-24T17:35:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29371"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2077"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcf85fcedfdd17911982a3e3564fcfec7b01eebd"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RFCQ-Q5WV-MPCG
Vulnerability from github – Published: 2025-10-04 09:30 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Set merge to zero early in af_alg_sendmsg
If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done.
Fix this by setting ctx->merge to zero near the start of the loop.
{
"affected": [],
"aliases": [
"CVE-2025-39931"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T08:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop. This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
"id": "GHSA-rfcq-q5wv-mpcg",
"modified": "2026-07-14T15:31:28Z",
"published": "2025-10-04T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39931"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/045ee26aa3920a47ec46d7fcb302420bf01fd753"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2374c11189ef704a3e4863646369f1b8e6a27d71"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/24c1106504c625fabd3b7229611af617b4c27ac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28f6f37abca7c5c9eb3959c66310f1d4d98b8aaf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf5beddf088dc1b8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db2b42425dfbde4983b0c20fb7cfa05f70e6a745"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RFHV-V778-G5C3
Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-10-07 18:15A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.
{
"affected": [],
"aliases": [
"CVE-2020-10732"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-12T14:15:00Z",
"severity": "LOW"
},
"details": "A flaw was found in the Linux kernel\u0027s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
"id": "GHSA-rfhv-v778-g5c3",
"modified": "2022-10-07T18:15:55Z",
"published": "2022-05-24T17:20:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732"
},
{
"type": "WEB",
"url": "https://github.com/google/kmsan/issues/76"
},
{
"type": "WEB",
"url": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4485-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4440-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4439-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4427-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4411-1"
},
{
"type": "WEB",
"url": "https://twitter.com/grsecurity/status/1252558055629299712"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210129-0005"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg@mail.gmail.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2020-10732"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4609"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4431"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4062"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:4060"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RG4M-GWW5-7P47
Vulnerability from github – Published: 2021-08-25 20:54 – Updated: 2021-08-19 17:14An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "adtensor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29936"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:14:41Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.",
"id": "GHSA-rg4m-gww5-7p47",
"modified": "2021-08-19T17:14:41Z",
"published": "2021-08-25T20:54:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29936"
},
{
"type": "WEB",
"url": "https://github.com/charles-r-earp/adtensor/issues/4"
},
{
"type": "PACKAGE",
"url": "https://github.com/charles-r-earp/adtensor"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Free of uninitialized memory in adtensor"
}
GHSA-RH89-X75F-RH3C
Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 18:43Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "memoffset"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-15553"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:23:41Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.",
"id": "GHSA-rh89-x75f-rh3c",
"modified": "2023-06-13T18:43:22Z",
"published": "2021-08-25T20:44:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15553"
},
{
"type": "WEB",
"url": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
},
{
"type": "PACKAGE",
"url": "https://github.com/Gilnaa/memoffset"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Exposure of uninitialized memory in memoffset"
}
GHSA-RHJ5-4QQQ-64C2
Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-20 18:32In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2018-9420"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T22:15:19Z",
"severity": "MODERATE"
},
"details": "In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-rhj5-4qqq-64c2",
"modified": "2024-11-20T18:32:16Z",
"published": "2024-11-20T00:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9420"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-07-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.