CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-33V2-GR7F-4WMR
Vulnerability from github – Published: 2025-06-28 09:30 – Updated: 2025-12-17 18:31In the Linux kernel, the following vulnerability has been resolved:
net: ch9200: fix uninitialised access during mii_nway_restart
In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read():
if (err == size) {
memcpy(data, buf, size);
}
If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read():
return (buff[0] | buff[1] << 8);
The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff".
To fix this we should check the return value of control_read() and return early on error.
{
"affected": [],
"aliases": [
"CVE-2025-38086"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-28T08:15:24Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ch9200: fix uninitialised access during mii_nway_restart\n\nIn mii_nway_restart() the code attempts to call\nmii-\u003emdio_read which is ch9200_mdio_read(). ch9200_mdio_read()\nutilises a local buffer called \"buff\", which is initialised\nwith control_read(). However \"buff\" is conditionally\ninitialised inside control_read():\n\n if (err == size) {\n memcpy(data, buf, size);\n }\n\nIf the condition of \"err == size\" is not met, then\n\"buff\" remains uninitialised. Once this happens the\nuninitialised \"buff\" is accessed and returned during\nch9200_mdio_read():\n\n return (buff[0] | buff[1] \u003c\u003c 8);\n\nThe problem stems from the fact that ch9200_mdio_read()\nignores the return value of control_read(), leading to\nuinit-access of \"buff\".\n\nTo fix this we should check the return value of\ncontrol_read() and return early on error.",
"id": "GHSA-33v2-gr7f-4wmr",
"modified": "2025-12-17T18:31:31Z",
"published": "2025-06-28T09:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38086"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/119766de4930ff40db9f36b960cb53b0c400e81b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/33163c68d2e3061fa3935b5f0a1867958b1cdbd2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4da7fcc098218ff92b2e83a43f545c02f714cedd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6bd2569d0b2f918e9581f744df0263caf73ee76c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9a350f30d65197354706b7759b5c89d6c267b1a9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ad0452c0277b816a435433cca601304cfac7c21"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9da3e442714f7f4393ff01c265c4959c03e88c2f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cdaa6d1cb2ff1219c6c822b27655dd170ffb0f72"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-354C-38FF-3CW6
Vulnerability from github – Published: 2024-06-25 03:31 – Updated: 2024-07-03 18:46A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
{
"affected": [],
"aliases": [
"CVE-2024-37002"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-863",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T03:15:10Z",
"severity": "HIGH"
},
"details": "A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.",
"id": "GHSA-354c-38ff-3cw6",
"modified": "2024-07-03T18:46:48Z",
"published": "2024-06-25T03:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37002"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-365P-M6G8-HHGP
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2022-07-26 00:01A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2021-44003"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied TIFF files. This could allow an attacker to cause a denial-of-service condition.",
"id": "GHSA-365p-m6g8-hhgp",
"modified": "2022-07-26T00:01:12Z",
"published": "2021-12-15T00:01:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44003"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-36QX-FCCG-6873
Vulnerability from github – Published: 2023-06-15 21:30 – Updated: 2024-09-27 18:32The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
{
"affected": [],
"aliases": [
"CVE-2023-2747"
],
"database_specific": {
"cwe_ids": [
"CWE-1204",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-15T20:15:09Z",
"severity": "MODERATE"
},
"details": "\n\n\n\n\nThe initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.\u00a0\n\n\n\n",
"id": "GHSA-36qx-fccg-6873",
"modified": "2024-09-27T18:32:20Z",
"published": "2023-06-15T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2747"
},
{
"type": "WEB",
"url": "https://community.silabs.com/sfc/servlet.shepherd/document/download/0698Y00000U2sFvQAJ?operationContext=S1"
},
{
"type": "WEB",
"url": "https://github.com/SiliconLabs/gecko_sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-36XW-HGFV-JWM7
Vulnerability from github – Published: 2021-08-25 20:48 – Updated: 2023-06-13 16:51arr crate contains multiple security issues. Specifically,
- It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
- Index and IndexMut implementation does not check the array bound.
- Array::new_from_template() drops uninitialized memory.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "arr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35888"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T21:06:43Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "arr crate contains multiple security issues. Specifically,\n\n1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.\n2. Index and IndexMut implementation does not check the array bound.\n3. Array::new_from_template() drops uninitialized memory.\n",
"id": "GHSA-36xw-hgfv-jwm7",
"modified": "2023-06-13T16:51:41Z",
"published": "2021-08-25T20:48:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35888"
},
{
"type": "WEB",
"url": "https://github.com/sjep/array/issues/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/sjep/array"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2020-0034.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr"
}
GHSA-377F-VP77-9JQ4
Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2025-11-26 18:30In the Linux kernel, the following vulnerability has been resolved:
staging: gpib: fix unset padding field copy back to userspace
The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copyied back to userspace in function board_info_ioctl. The simplest fix is to initialize the entire struct to zero to ensure all unassigned padding fields are zero'd before being copied back to userspace.
{
"affected": [],
"aliases": [
"CVE-2025-38613"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-19T17:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: gpib: fix unset padding field copy back to userspace\n\nThe introduction of a padding field in the gpib_board_info_ioctl is\nshowing up as initialized data on the stack frame being copyied back\nto userspace in function board_info_ioctl. The simplest fix is to\ninitialize the entire struct to zero to ensure all unassigned padding\nfields are zero\u0027d before being copied back to userspace.",
"id": "GHSA-377f-vp77-9jq4",
"modified": "2025-11-26T18:30:58Z",
"published": "2025-08-19T18:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38613"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19dedd4f70f5a6505e7c601ef7dd40542d1d9aa5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a739d3b13bff0dfa1aec679d08c7062131a2a425"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3786-V5G9-6834
Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2022-04-20 00:01An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21966"
],
"database_specific": {
"cwe_ids": [
"CWE-444",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-16T17:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability.",
"id": "GHSA-3786-v5g9-6834",
"modified": "2022-04-20T00:01:27Z",
"published": "2022-02-17T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21966"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1393"
},
{
"type": "WEB",
"url": "https://www.ti.com/lit/an/swra740/swra740.pdf?ts=1645536893264\u0026"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-37JJ-WP7G-7WJ4
Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2021-08-19 17:53An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "cdr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26305"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:53:09Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "An issue was discovered in Deserializer::read_vec in the cdr crate before 0.2.4 for Rust. A user-provided Read implementation can gain access to the old contents of newly allocated heap memory, violating soundness.",
"id": "GHSA-37jj-wp7g-7wj4",
"modified": "2021-08-19T17:53:09Z",
"published": "2021-08-25T20:53:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26305"
},
{
"type": "WEB",
"url": "https://github.com/hrektts/cdr-rs/issues/10"
},
{
"type": "WEB",
"url": "https://github.com/hrektts/cdr-rs/pull/11"
},
{
"type": "WEB",
"url": "https://github.com/hrektts/cdr-rs/commit/0e6006de464caa331643f86cd2d9ba3b32b09833"
},
{
"type": "PACKAGE",
"url": "https://github.com/hrektts/cdr-rs"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0012.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Read of uninitialized memory in cdr"
}
GHSA-37PG-R5MJ-5Q6W
Vulnerability from github – Published: 2025-01-19 12:31 – Updated: 2025-11-03 21:32In the Linux kernel, the following vulnerability has been resolved:
iio: pressure: zpa2326: fix information leak in triggered buffer
The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized.
Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace.
{
"affected": [],
"aliases": [
"CVE-2024-57912"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-19T12:15:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: zpa2326: fix information leak in triggered buffer\n\nThe \u0027sample\u0027 local struct is used to push data to user space from a\ntriggered buffer, but it has a hole between the temperature and the\ntimestamp (u32 pressure, u16 temperature, GAP, u64 timestamp).\nThis hole is never initialized.\n\nInitialize the struct to zero before using it to avoid pushing\nuninitialized information to userspace.",
"id": "GHSA-37pg-r5mj-5q6w",
"modified": "2025-11-03T21:32:13Z",
"published": "2025-01-19T12:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57912"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6007d10c5262f6f71479627c1216899ea7f09073"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64a989aa7475b8e76e69b9ec86819ea293e53bab"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9629ff1a86823269b12fb1ba9ca4efa945906287"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/979a0db76ceda8fe1f2f85a116bfe97620ebbadf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b7849f62e61242e0e02c776e1109eb81e59c567c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d25f1fc273670271412a52a1efbdaf5dcf274ed8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fefb88a4da961a0b9c2473cbdcfce1a942fcfa9a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-39P8-X6C9-FPRR
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2026-05-12 15:31In the Linux kernel, the following vulnerability has been resolved:
sctp: initialize more fields in sctp_v6_from_sk()
syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior.
Clear sin6_scope_id and sin6_flowinfo.
BUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649 sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983 sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390 sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452 sctp_get_port net/sctp/socket.c:8523 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636 __sys_listen_socket net/socket.c:1912 [inline] __sys_listen net/socket.c:1927 [inline] __do_sys_listen net/socket.c:1932 [inline] __se_sys_listen net/socket.c:1930 [inline] __x64_sys_listen+0x343/0x4c0 net/socket.c:1930 x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Local variable addr.i.i created at: sctp_get_port net/sctp/socket.c:8515 [inline] sctp_listen_start net/sctp/socket.c:8567 [inline] sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636 __sys_listen_socket net/socket.c:1912 [inline] __sys_listen net/socket.c:1927 [inline] __do_sys_listen net/socket.c:1932 [inline] __se_sys_listen net/socket.c:1930 [inline] __x64_sys_listen+0x343/0x4c0 net/socket.c:1930
{
"affected": [],
"aliases": [
"CVE-2025-39812"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T13:15:54Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: initialize more fields in sctp_v6_from_sk()\n\nsyzbot found that sin6_scope_id was not properly initialized,\nleading to undefined behavior.\n\nClear sin6_scope_id and sin6_flowinfo.\n\nBUG: KMSAN: uninit-value in __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n __sctp_v6_cmp_addr+0x887/0x8c0 net/sctp/ipv6.c:649\n sctp_inet6_cmp_addr+0x4f2/0x510 net/sctp/ipv6.c:983\n sctp_bind_addr_conflict+0x22a/0x3b0 net/sctp/bind_addr.c:390\n sctp_get_port_local+0x21eb/0x2440 net/sctp/socket.c:8452\n sctp_get_port net/sctp/socket.c:8523 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x710/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930\n x64_sys_call+0x271d/0x3e20 arch/x86/include/generated/asm/syscalls_64.h:51\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nLocal variable addr.i.i created at:\n sctp_get_port net/sctp/socket.c:8515 [inline]\n sctp_listen_start net/sctp/socket.c:8567 [inline]\n sctp_inet_listen+0x650/0xfd0 net/sctp/socket.c:8636\n __sys_listen_socket net/socket.c:1912 [inline]\n __sys_listen net/socket.c:1927 [inline]\n __do_sys_listen net/socket.c:1932 [inline]\n __se_sys_listen net/socket.c:1930 [inline]\n __x64_sys_listen+0x343/0x4c0 net/socket.c:1930",
"id": "GHSA-39p8-x6c9-fprr",
"modified": "2026-05-12T15:31:08Z",
"published": "2025-09-16T15:32:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39812"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17d6c7747045e9b802c2f5dfaba260d309d831ae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bbc0c02aea1f1c405bd1271466889c25a1fe01b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e8750469242cad8f01f320131fd5a6f540dbb99"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45e4b36593edffb7bbee5828ae820bc10a9fa0f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/463aa96fca6209bb205f49f7deea3817d7ddaa3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/65b4693d8bab5370cfcb44a275b4d8dcb06e56bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9546934c2054bba1bd605c44e936619159a34027"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f6c2cc99fc2387ba6499facd6108f6543382792d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.