CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-VQ8G-VCX9-RMC5
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-10 21:31In the Linux kernel, the following vulnerability has been resolved:
usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
Just like in a previous problem in this driver, usblp_ctrl_msg() will collapse the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferred.
Ideally that short command should be detected and error out, but many printers are known to send "incorrect" responses back so we can't just do that.
statusbuf is kmalloc(8) at probe time and never filled before the first LPGETSTATUS ioctl.
usblp_read_status() requests 1 byte. If a malicious printer responds with zero bytes, *statusbuf is one byte of stale kmalloc heap, sign-extended into the local int status, which the LPGETSTATUS path then copy_to_user()s directly to the ioctl caller.
Fix this all by just zapping out the memory buffer when allocated at probe time. If a later call does a short read, the data will be identical to what the device sent it the last time, so there is no "leak" of information happening.
{
"affected": [],
"aliases": [
"CVE-2026-46167"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl\n\nJust like in a previous problem in this driver, usblp_ctrl_msg() will\ncollapse the usb_control_msg() return value to 0/-errno, discarding the\nactual number of bytes transferred.\n\nIdeally that short command should be detected and error out, but many\nprinters are known to send \"incorrect\" responses back so we can\u0027t just\ndo that.\n\nstatusbuf is kmalloc(8) at probe time and never filled before the first\nLPGETSTATUS ioctl.\n\nusblp_read_status() requests 1 byte. If a malicious printer responds\nwith zero bytes, *statusbuf is one byte of stale kmalloc heap,\nsign-extended into the local int status, which the LPGETSTATUS path then\ncopy_to_user()s directly to the ioctl caller.\n\nFix this all by just zapping out the memory buffer when allocated at\nprobe time. If a later call does a short read, the data will be\nidentical to what the device sent it the last time, so there is no\n\"leak\" of information happening.",
"id": "GHSA-vq8g-vcx9-rmc5",
"modified": "2026-06-10T21:31:25Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46167"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/087d97342c100138ea7d75a50977c9c2319f957b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0f7c41314ebf17049917a452684db371babf711a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6b0e7438e31c74b01514d31ff35c1e688c4baaba"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/762a6ccf391db0d629e590a803a3a2231e17dd3f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a502b997668401a6821501fc98b7f9220f9b6ff2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b38e53cbfb9d84732e5984fbd73e128d592415c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cf24991619be317e2769310b4a367bf4a04b82bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d06d937b0a4cdb8867f04275c8100a8b943da31a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQ9V-44RG-M34M
Vulnerability from github – Published: 2022-05-01 23:55 – Updated: 2024-02-09 00:31Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
{
"affected": [],
"aliases": [
"CVE-2008-2934"
],
"database_specific": {
"cwe_ids": [
"CWE-908",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2008-07-18T16:41:00Z",
"severity": "MODERATE"
},
"details": "Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.",
"id": "GHSA-vq9v-44rg-m34m",
"modified": "2024-02-09T00:31:33Z",
"published": "2022-05-01T23:55:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2934"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441360"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43850"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31132"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/31270"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/34501"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1020516"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/30266"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/2125"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/0977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQPG-CFXC-R52F
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-12 21:31In the Linux kernel, the following vulnerability has been resolved:
ipmi: ipmb: initialise event handler read bytes
IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver.
{
"affected": [],
"aliases": [
"CVE-2026-43221"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:41Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ipmb: initialise event handler read bytes\n\nIPMB doesn\u0027t use i2c reads, but the handler needs to set a value.\nOtherwise an i2c read will return an uninitialised value from the bus\ndriver.",
"id": "GHSA-vqpg-cfxc-r52f",
"modified": "2026-05-12T21:31:26Z",
"published": "2026-05-06T12:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43221"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/102712417bb6aa9a00d852bc59cb0a276db486c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2dfbc8c17dd161885336e77e71c336cd62cf6748"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56d5c0557e53c4d8d92a619fa83eaae178165e07"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/905554ebd76aeee370bfd5136ea11e0b9d75c6f1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9f235ccecd03c436cb1683eac16b12f119e54aa9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f726b3a57e00bb6249c67714c11ae8b4b31719a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRFV-M2P8-GW2M
Vulnerability from github – Published: 2025-10-01 12:30 – Updated: 2026-01-17 00:30In the Linux kernel, the following vulnerability has been resolved:
hsr: Fix uninit-value access in fill_frame_info()
Syzbot reports the following uninit-value access problem.
===================================================== BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616 fill_frame_info net/hsr/hsr_forward.c:601 [inline] hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616 hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223 __netdev_start_xmit include/linux/netdevice.h:4889 [inline] netdev_start_xmit include/linux/netdevice.h:4903 [inline] xmit_one net/core/dev.c:3544 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560 __dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340 dev_queue_xmit include/linux/netdevice.h:3082 [inline] packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] __sys_sendto+0x781/0xa30 net/socket.c:2176 __do_sys_sendto net/socket.c:2188 [inline] __se_sys_sendto net/socket.c:2184 [inline] __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82
Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:644 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794 packet_alloc_skb net/packet/af_packet.c:2936 [inline] packet_snd net/packet/af_packet.c:3030 [inline] packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] __sys_sendto+0x781/0xa30 net/socket.c:2176 __do_sys_sendto net/socket.c:2188 [inline] __se_sys_sendto net/socket.c:2184 [inline] __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184 do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline] __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178 do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203 do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246 entry_SYSENTER_compat_after_hwframe+0x70/0x82
It is because VLAN not yet supported in hsr driver. Return error when protocol is ETH_P_8021Q in fill_frame_info() now to fix it.
{
"affected": [],
"aliases": [
"CVE-2023-53462"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T12:15:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in fill_frame_info()\n\nSyzbot reports the following uninit-value access problem.\n\n=====================================================\nBUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:601 [inline]\nBUG: KMSAN: uninit-value in hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n fill_frame_info net/hsr/hsr_forward.c:601 [inline]\n hsr_forward_skb+0x9bd/0x30f0 net/hsr/hsr_forward.c:616\n hsr_dev_xmit+0x192/0x330 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4889 [inline]\n netdev_start_xmit include/linux/netdevice.h:4903 [inline]\n xmit_one net/core/dev.c:3544 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3560\n __dev_queue_xmit+0x34d0/0x52a0 net/core/dev.c:4340\n dev_queue_xmit include/linux/netdevice.h:3082 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nUninit was created at:\n slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\n kmalloc_reserve+0x148/0x470 net/core/skbuff.c:559\n __alloc_skb+0x318/0x740 net/core/skbuff.c:644\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6299\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2794\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n sock_sendmsg net/socket.c:753 [inline]\n __sys_sendto+0x781/0xa30 net/socket.c:2176\n __do_sys_sendto net/socket.c:2188 [inline]\n __se_sys_sendto net/socket.c:2184 [inline]\n __ia32_sys_sendto+0x11f/0x1c0 net/socket.c:2184\n do_syscall_32_irqs_on arch/x86/entry/common.c:112 [inline]\n __do_fast_syscall_32+0xa2/0x100 arch/x86/entry/common.c:178\n do_fast_syscall_32+0x37/0x80 arch/x86/entry/common.c:203\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:246\n entry_SYSENTER_compat_after_hwframe+0x70/0x82\n\nIt is because VLAN not yet supported in hsr driver. Return error\nwhen protocol is ETH_P_8021Q in fill_frame_info() now to fix it.",
"id": "GHSA-vrfv-m2p8-gw2m",
"modified": "2026-01-17T00:30:23Z",
"published": "2025-10-01T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53462"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e90a93ac4845c31724ec5dc96fb51e608435a9d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/484b4833c604c0adcf19eac1ca14b60b757355b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/61866f7d814e5792bf47410d7d3ff32e49bd292a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6a4480c5e6ebaf9f797ac300e2a97a02d4e70cfd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed7a0ba7e840dc5d54cdbd8466be27e6aedce1e5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VV24-23FC-H8GH
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
{
"affected": [],
"aliases": [
"CVE-2017-4905"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-07T18:29:00Z",
"severity": "MODERATE"
},
"details": "VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.",
"id": "GHSA-vv24-23fc-h8gh",
"modified": "2022-05-13T01:03:59Z",
"published": "2022-05-13T01:03:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4905"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97164"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038148"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038149"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VVQM-MMW4-QWG5
Vulnerability from github – Published: 2025-03-25 06:30 – Updated: 2025-03-25 06:30Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
{
"affected": [],
"aliases": [
"CVE-2025-27810"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-25T06:15:41Z",
"severity": "MODERATE"
},
"details": "Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.",
"id": "GHSA-vvqm-mmw4-qwg5",
"modified": "2025-03-25T06:30:28Z",
"published": "2025-03-25T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27810"
},
{
"type": "WEB",
"url": "https://github.com/Mbed-TLS/mbedtls/releases"
},
{
"type": "WEB",
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VVR2-3QVQ-F857
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807
{
"affected": [],
"aliases": [
"CVE-2020-0007"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-08T19:15:00Z",
"severity": "LOW"
},
"details": "In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807",
"id": "GHSA-vvr2-3qvq-f857",
"modified": "2022-05-24T17:05:53Z",
"published": "2022-05-24T17:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0007"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-06"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VW5M-QW2R-M923
Vulnerability from github – Published: 2022-01-06 22:11 – Updated: 2022-01-07 17:13An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "messagepack-rs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45690"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T16:39:25Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.",
"id": "GHSA-vw5m-qw2r-m923",
"modified": "2022-01-07T17:13:28Z",
"published": "2022-01-06T22:11:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45690"
},
{
"type": "WEB",
"url": "https://github.com/otake84/messagepack-rs/issues/2"
},
{
"type": "PACKAGE",
"url": "https://github.com/otake84/messagepack-rs"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/messagepack-rs/RUSTSEC-2021-0092.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0092.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use of Uninitialized Resource in messagepack-rs."
}
GHSA-VXCV-H5WJ-JXR5
Vulnerability from github – Published: 2026-07-15 18:31 – Updated: 2026-07-15 18:31NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.
Impact: This vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only. Note: The ngx_http_slice_module module is not enabled by default; it's enabled with the --with-http_slice_module configuration parameter.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2026-60005"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T16:16:49Z",
"severity": "HIGH"
},
"details": "NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_slice_module module. When the slice\u00a0directive and unnamed regex captures are configured or when a background cache update happens, unauthenticated attackers can send requests that may cause uninitialized memory access in the NGINX worker process, leading to limited disclosure of memory or a restart.\n\nImpact:\nThis vulnerability may allow remote, unauthenticated attackers to have limited control to disclose memory contents or restart the NGINX worker process. There is no control plane exposure; this is a data plane issue only.\nNote: The ngx_http_slice_module\u00a0module is not enabled by default; it\u0027s enabled with the --with-http_slice_module\u00a0configuration parameter.\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-vxcv-h5wj-jxr5",
"modified": "2026-07-15T18:31:55Z",
"published": "2026-07-15T18:31:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-60005"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000162100"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-VXX9-9GJR-JRJ2
Vulnerability from github – Published: 2026-01-13 18:31 – Updated: 2026-03-25 18:31In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is invalid if it does not.
Use the nl parsing logic properly and call nla_parse_deprecated() to fill the nlattrs array and then directly index that array to get the data for the DGID. Just fail if it is NULL.
Remove the for loop searching for the nla, and squash the validation and parsing into one function.
Fixes an uninitialized read from the stack triggered by userspace if it does not provide the DGID to a kernel initiated RDMA_NL_LS_OP_IP_RESOLVE query.
BUG: KMSAN: uninit-value in hex_byte_pack include/linux/hex.h:13 [inline]
BUG: KMSAN: uninit-value in ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490
hex_byte_pack include/linux/hex.h:13 [inline]
ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490
ip6_addr_string+0x18a/0x3e0 lib/vsprintf.c:1509
ip_addr_string+0x245/0xee0 lib/vsprintf.c:1633
pointer+0xc09/0x1bd0 lib/vsprintf.c:2542
vsnprintf+0xf8a/0x1bd0 lib/vsprintf.c:2930
vprintk_store+0x3ae/0x1530 kernel/printk/printk.c:2279
vprintk_emit+0x307/0xcd0 kernel/printk/printk.c:2426
vprintk_default+0x3f/0x50 kernel/printk/printk.c:2465
vprintk+0x36/0x50 kernel/printk/printk_safe.c:82
_printk+0x17e/0x1b0 kernel/printk/printk.c:2475
ib_nl_process_good_ip_rsep drivers/infiniband/core/addr.c:128 [inline]
ib_nl_handle_ip_res_resp+0x963/0x9d0 drivers/infiniband/core/addr.c:141
rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]
rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
rdma_nl_rcv+0xefa/0x11c0 drivers/infiniband/core/netlink.c:259
netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]
netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1346
netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1896
sock_sendmsg_nosec net/socket.c:714 [inline]
__sock_sendmsg+0x333/0x3d0 net/socket.c:729
____sys_sendmsg+0x7e0/0xd80 net/socket.c:2617
___sys_sendmsg+0x271/0x3b0 net/socket.c:2671
__sys_sendmsg+0x1aa/0x300 net/socket.c:2703
__compat_sys_sendmsg net/compat.c:346 [inline]
__do_compat_sys_sendmsg net/compat.c:353 [inline]
__se_compat_sys_sendmsg net/compat.c:350 [inline]
__ia32_compat_sys_sendmsg+0xa4/0x100 net/compat.c:350
ia32_sys_call+0x3f6c/0x4310 arch/x86/include/generated/asm/syscalls_32.h:371
do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]
__do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306
do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331
do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:3
{
"affected": [],
"aliases": [
"CVE-2025-71096"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T16:16:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly\n\nThe netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a\nLS_NLA_TYPE_DGID attribute, it is invalid if it does not.\n\nUse the nl parsing logic properly and call nla_parse_deprecated() to fill\nthe nlattrs array and then directly index that array to get the data for\nthe DGID. Just fail if it is NULL.\n\nRemove the for loop searching for the nla, and squash the validation and\nparsing into one function.\n\nFixes an uninitialized read from the stack triggered by userspace if it\ndoes not provide the DGID to a kernel initiated RDMA_NL_LS_OP_IP_RESOLVE\nquery.\n\n BUG: KMSAN: uninit-value in hex_byte_pack include/linux/hex.h:13 [inline]\n BUG: KMSAN: uninit-value in ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490\n hex_byte_pack include/linux/hex.h:13 [inline]\n ip6_string+0xef4/0x13a0 lib/vsprintf.c:1490\n ip6_addr_string+0x18a/0x3e0 lib/vsprintf.c:1509\n ip_addr_string+0x245/0xee0 lib/vsprintf.c:1633\n pointer+0xc09/0x1bd0 lib/vsprintf.c:2542\n vsnprintf+0xf8a/0x1bd0 lib/vsprintf.c:2930\n vprintk_store+0x3ae/0x1530 kernel/printk/printk.c:2279\n vprintk_emit+0x307/0xcd0 kernel/printk/printk.c:2426\n vprintk_default+0x3f/0x50 kernel/printk/printk.c:2465\n vprintk+0x36/0x50 kernel/printk/printk_safe.c:82\n _printk+0x17e/0x1b0 kernel/printk/printk.c:2475\n ib_nl_process_good_ip_rsep drivers/infiniband/core/addr.c:128 [inline]\n ib_nl_handle_ip_res_resp+0x963/0x9d0 drivers/infiniband/core/addr.c:141\n rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:-1 [inline]\n rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]\n rdma_nl_rcv+0xefa/0x11c0 drivers/infiniband/core/netlink.c:259\n netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\n netlink_unicast+0xf04/0x12b0 net/netlink/af_netlink.c:1346\n netlink_sendmsg+0x10b3/0x1250 net/netlink/af_netlink.c:1896\n sock_sendmsg_nosec net/socket.c:714 [inline]\n __sock_sendmsg+0x333/0x3d0 net/socket.c:729\n ____sys_sendmsg+0x7e0/0xd80 net/socket.c:2617\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2671\n __sys_sendmsg+0x1aa/0x300 net/socket.c:2703\n __compat_sys_sendmsg net/compat.c:346 [inline]\n __do_compat_sys_sendmsg net/compat.c:353 [inline]\n __se_compat_sys_sendmsg net/compat.c:350 [inline]\n __ia32_compat_sys_sendmsg+0xa4/0x100 net/compat.c:350\n ia32_sys_call+0x3f6c/0x4310 arch/x86/include/generated/asm/syscalls_32.h:371\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n __do_fast_syscall_32+0xb0/0x150 arch/x86/entry/syscall_32.c:306\n do_fast_syscall_32+0x38/0x80 arch/x86/entry/syscall_32.c:331\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/syscall_32.c:3",
"id": "GHSA-vxx9-9gjr-jrj2",
"modified": "2026-03-25T18:31:34Z",
"published": "2026-01-13T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71096"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b948afc1ded88b3562c893114387f34389eeb94"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/376f46c8983458ead26cac83aa897a0b78491831"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45532638de5da24c201aa2a9b3dd4b054064de7b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d85524789c2f17c0e87de8d596bcccc3683a1fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a7b8e876e0ef0232b8076972c57ce9a7286b47ca"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/acadd4097d25d6bd472bcb3f9f3eba2b5105d1ec"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bfe10318fc23e0b3f1d0a18dad387d29473a624d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.