CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-RV7F-P2FX-HH7Q
Vulnerability from github – Published: 2024-05-08 00:31 – Updated: 2024-05-08 00:31OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112.
{
"affected": [],
"aliases": [
"CVE-2021-35000"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-07T23:15:13Z",
"severity": "LOW"
},
"details": "OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16112.",
"id": "GHSA-rv7f-p2fx-hh7q",
"modified": "2024-05-08T00:31:15Z",
"published": "2024-05-08T00:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35000"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-012"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RVCC-G859-Q9QH
Vulnerability from github – Published: 2024-05-01 06:31 – Updated: 2026-04-11 15:30In the Linux kernel, the following vulnerability has been resolved:
fork: defer linking file vma until vma is fully initialized
Thorvald reported a WARNING [1]. And the root cause is below race:
CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping);
hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. Fix this by deferring linking file vma until vma is fully initialized. Those vmas should be initialized first before they can be used.
{
"affected": [],
"aliases": [
"CVE-2024-27022"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-01T06:15:21Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfork: defer linking file vma until vma is fully initialized\n\nThorvald reported a WARNING [1]. And the root cause is below race:\n\n CPU 1\t\t\t\t\tCPU 2\n fork\t\t\t\t\thugetlbfs_fallocate\n dup_mmap\t\t\t\t hugetlbfs_punch_hole\n i_mmap_lock_write(mapping);\n vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree.\n i_mmap_unlock_write(mapping);\n hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t i_mmap_lock_write(mapping);\n \t\t\t\t\t hugetlb_vmdelete_list\n\t\t\t\t\t vma_interval_tree_foreach\n\t\t\t\t\t hugetlb_vma_trylock_write -- Vma_lock is cleared.\n tmp-\u003evm_ops-\u003eopen -- Alloc new vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t hugetlb_vma_unlock_write -- Vma_lock is assigned!!!\n\t\t\t\t\t i_mmap_unlock_write(mapping);\n\nhugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside\ni_mmap_rwsem lock while vma lock can be used in the same time. Fix this\nby deferring linking file vma until vma is fully initialized. Those vmas\nshould be initialized first before they can be used.",
"id": "GHSA-rvcc-g859-q9qh",
"modified": "2026-04-11T15:30:23Z",
"published": "2024-05-01T06:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27022"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04b0c41912349aff11a1bbaef6a722bd7fbb90ac"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c42f7e039aba3de6d7dbf92da708e2b2ecba557"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e5cbab8ccbfc7d4a3d8a21d3c2a1f2c1aa29b5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35e351780fa9d8240dd6f7e4f245f9ea37e96c19"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/abdb88dd272bbeb93efe01d8e0b7b17e24af3a34"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cec11fa2eb512ebe3a459c185f4aca1d44059bbf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd782da470761077f4d1120e191f1a35787cda6e"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RVGF-69J7-XH78
Vulnerability from github – Published: 2022-06-18 00:00 – Updated: 2023-09-07 18:48Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @discordjs/opus (<= 0.7.0) are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash due to improperly returning the errors from the invalid inputs.
As of version 0.8.0, the errors are correctly returned to the user and are no longer throwing hard crashes that cannot be recovered.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@discordjs/opus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-25345"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-20T22:30:01Z",
"nvd_published_at": "2022-06-17T20:15:00Z",
"severity": "HIGH"
},
"details": "Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @discordjs/opus (\u003c= 0.7.0) are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash due to improperly returning the errors from the invalid inputs.\n\nAs of version 0.8.0, the errors are correctly returned to the user and are no longer throwing hard crashes that cannot be recovered.",
"id": "GHSA-rvgf-69j7-xh78",
"modified": "2023-09-07T18:48:21Z",
"published": "2022-06-18T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25345"
},
{
"type": "WEB",
"url": "https://github.com/discordjs/opus/commit/406249f3fca484a2af97a34ceb989019efa09bc7"
},
{
"type": "PACKAGE",
"url": "https://github.com/discordjs/opus"
},
{
"type": "WEB",
"url": "https://github.com/discordjs/opus/blob/3ca4341ffdd81cf83cec57045e59e228e6017590/src/node-opus.cc#L28"
},
{
"type": "WEB",
"url": "https://github.com/discordjs/opus/releases/tag/v0.8.0"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-2403100"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Uncontrolled Resource Consumption in @discordjs/opus"
}
GHSA-RWGG-M734-WVJR
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
iio: light: vcnl4035: fix information leak in triggered buffer
The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read().
Initialize the array to zero before using it to avoid pushing uninitialized information to userspace.
{
"affected": [],
"aliases": [
"CVE-2024-57910"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T12:15:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: vcnl4035: fix information leak in triggered buffer\n\nThe \u0027buffer\u0027 local array is used to push data to userspace from a\ntriggered buffer, but it does not set an initial value for the single\ndata element, which is an u16 aligned to 8 bytes. That leaves at least\n4 bytes uninitialized even after writing an integer value with\nregmap_read().\n\nInitialize the array to zero before using it to avoid pushing\nuninitialized information to userspace.",
"id": "GHSA-rwgg-m734-wvjr",
"modified": "2025-11-03T21:32:13Z",
"published": "2025-01-19T12:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57910"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13e56229fc81051a42731046e200493c4a7c28ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47b43e53c0a0edf5578d5d12f5fc71c019649279"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/47d245be86492974db3aeb048609542167f56518"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a15ea87d4337479c9446b5d71616f4668337afed"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0e9c11c762e4286732d80e66c08c2cb3157b06b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb488706cdec0d6d13f2895bcdf0c32b283a7cc7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6fb1c59776b4263634c472a5be8204c906ffc2c"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RWHP-WR9C-HXX7
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136.
{
"affected": [],
"aliases": [
"CVE-2021-31419"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-29T17:15:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12136.",
"id": "GHSA-rwhp-wr9c-hxx7",
"modified": "2022-05-24T17:49:14Z",
"published": "2022-05-24T17:49:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31419"
},
{
"type": "WEB",
"url": "https://kb.parallels.com/en/125013"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-427"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RWVV-H93R-MW45
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
{
"affected": [],
"aliases": [
"CVE-2020-17482"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-02T09:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.",
"id": "GHSA-rwvv-h93r-mw45",
"modified": "2022-05-24T17:29:59Z",
"published": "2022-05-24T17:29:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17482"
},
{
"type": "WEB",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
},
{
"type": "WEB",
"url": "https://github.com/PowerDNS/pdns"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202012-18"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RX6Q-PX4X-V8CF
Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-42969"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-09T17:17:12Z",
"severity": "MODERATE"
},
"details": "Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.",
"id": "GHSA-rx6q-px4x-v8cf",
"modified": "2026-06-09T18:30:45Z",
"published": "2026-06-09T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42969"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42969"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V2CH-FC8F-QM33
Vulnerability from github – Published: 2022-01-06 22:16 – Updated: 2022-01-07 16:24An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "bite"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-36511"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T18:21:51Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.",
"id": "GHSA-v2ch-fc8f-qm33",
"modified": "2022-01-07T16:24:37Z",
"published": "2022-01-06T22:16:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36511"
},
{
"type": "WEB",
"url": "https://github.com/hinaria/bite/issues/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/hinaria/bite"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/bite/RUSTSEC-2020-0153.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0153.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Uninitialized Resource in bite."
}
GHSA-V2JG-X6CV-QJCG
Vulnerability from github – Published: 2024-07-30 09:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
inet_diag: Initialize pad field in struct inet_diag_req_v2
KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw.
inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup() accesses the sdiag_raw_protocol field.
Fix this by initializing the pad field in inet_diag_get_exact_compat(). Also, do the same fix in inet_diag_dump_compat() to avoid the similar issue in the future.
[1] BUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline] BUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_lookup net/ipv4/raw_diag.c:49 [inline] raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 _syssendmsg+0x7f0/0xb70 net/socket.c:2585 _sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was stored to memory at: raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71 raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99 inet_diag_cmd_exact+0x7d9/0x980 inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline] inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282 netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564 sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297 netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline] netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361 netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x332/0x3d0 net/socket.c:745 _syssendmsg+0x7f0/0xb70 net/socket.c:2585 _sys_sendmsg+0x271/0x3b0 net/socket.c:2639 __sys_sendmsg net/socket.c:2668 [inline] __do_sys_sendmsg net/socket.c:2677 [inline] __se_sys_sendmsg net/socket.c:2675 [inline] __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675 x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable req.i created at: inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline] inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426 sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282
CPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
{
"affected": [],
"aliases": [
"CVE-2024-42106"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-30T08:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet_diag: Initialize pad field in struct inet_diag_req_v2\n\nKMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw\nsockets uses the pad field in struct inet_diag_req_v2 for the\nunderlying protocol. This field corresponds to the sdiag_raw_protocol\nfield in struct inet_diag_req_raw.\n\ninet_diag_get_exact_compat() converts inet_diag_req to\ninet_diag_req_v2, but leaves the pad field uninitialized. So the issue\noccurs when raw_lookup() accesses the sdiag_raw_protocol field.\n\nFix this by initializing the pad field in\ninet_diag_get_exact_compat(). Also, do the same fix in\ninet_diag_dump_compat() to avoid the similar issue in the future.\n\n[1]\nBUG: KMSAN: uninit-value in raw_lookup net/ipv4/raw_diag.c:49 [inline]\nBUG: KMSAN: uninit-value in raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_lookup net/ipv4/raw_diag.c:49 [inline]\n raw_sock_get+0x657/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was stored to memory at:\n raw_sock_get+0x650/0x800 net/ipv4/raw_diag.c:71\n raw_diag_dump_one+0xa1/0x660 net/ipv4/raw_diag.c:99\n inet_diag_cmd_exact+0x7d9/0x980\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1404 [inline]\n inet_diag_rcv_msg_compat+0x469/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n netlink_rcv_skb+0x537/0x670 net/netlink/af_netlink.c:2564\n sock_diag_rcv+0x35/0x40 net/core/sock_diag.c:297\n netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]\n netlink_unicast+0xe74/0x1240 net/netlink/af_netlink.c:1361\n netlink_sendmsg+0x10c6/0x1260 net/netlink/af_netlink.c:1905\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x332/0x3d0 net/socket.c:745\n ____sys_sendmsg+0x7f0/0xb70 net/socket.c:2585\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2639\n __sys_sendmsg net/socket.c:2668 [inline]\n __do_sys_sendmsg net/socket.c:2677 [inline]\n __se_sys_sendmsg net/socket.c:2675 [inline]\n __x64_sys_sendmsg+0x27e/0x4a0 net/socket.c:2675\n x64_sys_call+0x135e/0x3ce0 arch/x86/include/generated/asm/syscalls_64.h:47\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd9/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable req.i created at:\n inet_diag_get_exact_compat net/ipv4/inet_diag.c:1396 [inline]\n inet_diag_rcv_msg_compat+0x2a6/0x530 net/ipv4/inet_diag.c:1426\n sock_diag_rcv_msg+0x23d/0x740 net/core/sock_diag.c:282\n\nCPU: 1 PID: 8888 Comm: syz-executor.6 Not tainted 6.10.0-rc4-00217-g35bb670d65fc #32\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014",
"id": "GHSA-v2jg-x6cv-qjcg",
"modified": "2025-11-04T00:31:05Z",
"published": "2024-07-30T09:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42106"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V36C-PQ4H-93XC
Vulnerability from github – Published: 2022-01-29 00:00 – Updated: 2022-04-20 00:01An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-21217"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-787",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-28T20:15:00Z",
"severity": "CRITICAL"
},
"details": "An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.",
"id": "GHSA-v36c-pq4h-93xc",
"modified": "2022-04-20T00:01:44Z",
"published": "2022-01-29T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21217"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1445"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.