CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-3MX8-688W-X5VH
Vulnerability from github – Published: 2025-09-15 15:31 – Updated: 2025-12-04 21:31In the Linux kernel, the following vulnerability has been resolved:
chardev: fix error handling in cdev_device_add()
While doing fault injection test, I got the following report:
------------[ cut here ]------------ kobject: '(null)' (0000000039956980): is not initialized, yet kobject_put() is being called. WARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0 CPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:kobject_put+0x23d/0x4e0 Call Trace: cdev_device_add+0x15e/0x1b0 __iio_device_register+0x13b4/0x1af0 [industrialio] __devm_iio_device_register+0x22/0x90 [industrialio] max517_probe+0x3d8/0x6b4 [max517] i2c_device_probe+0xa81/0xc00
When device_add() is injected fault and returns error, if dev->devt is not set, cdev_add() is not called, cdev_del() is not needed. Fix this by checking dev->devt in error path.
{
"affected": [],
"aliases": [
"CVE-2022-50282"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:39Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nchardev: fix error handling in cdev_device_add()\n\nWhile doing fault injection test, I got the following report:\n\n------------[ cut here ]------------\nkobject: \u0027(null)\u0027 (0000000039956980): is not initialized, yet kobject_put() is being called.\nWARNING: CPU: 3 PID: 6306 at kobject_put+0x23d/0x4e0\nCPU: 3 PID: 6306 Comm: 283 Tainted: G W 6.1.0-rc2-00005-g307c1086d7c9 #1253\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:kobject_put+0x23d/0x4e0\nCall Trace:\n \u003cTASK\u003e\n cdev_device_add+0x15e/0x1b0\n __iio_device_register+0x13b4/0x1af0 [industrialio]\n __devm_iio_device_register+0x22/0x90 [industrialio]\n max517_probe+0x3d8/0x6b4 [max517]\n i2c_device_probe+0xa81/0xc00\n\nWhen device_add() is injected fault and returns error, if dev-\u003edevt is not set,\ncdev_add() is not called, cdev_del() is not needed. Fix this by checking dev-\u003edevt\nin error path.",
"id": "GHSA-3mx8-688w-x5vh",
"modified": "2025-12-04T21:31:01Z",
"published": "2025-09-15T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50282"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/11fa7fefe3d8fac7da56bc9aa3dd5fb3081ca797"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28dc61cc49c6e995121c6d86bef4b73df78dda80"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/34d17b39bceef25e4cf9805cd59250ae05d0a139"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5d2146889fad4cb9e6c13e790d4cfd871486eca8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6acf8597c5b04f455ee0649e11e5f3bcd28f381e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/85a5660491b507d33662b8e81c142e6041e642eb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5de1eac71fec1af7723f1083d23a24789fd795c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c46db6088bccff5115674d583fef46ede80077a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d85b5247a79355b8432bfd9ac871f96117f750d4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3P2V-4QJ8-6W5F
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2025-03-06 15:34In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-core: explicitly clear ioctl input data
As seen from a recent syzbot bug report, mistakes in the compat ioctl implementation can lead to uninitialized kernel stack data getting used as input for driver ioctl handlers.
The reported bug is now fixed, but it's possible that other related bugs are still present or get added in the future. As the drivers need to check user input already, the possible impact is fairly low, but it might still cause an information leak.
To be on the safe side, always clear the entire ioctl buffer before calling the conversion handler functions that are meant to initialize them.
{
"affected": [],
"aliases": [
"CVE-2021-47339"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-core: explicitly clear ioctl input data\n\nAs seen from a recent syzbot bug report, mistakes in the compat ioctl\nimplementation can lead to uninitialized kernel stack data getting used\nas input for driver ioctl handlers.\n\nThe reported bug is now fixed, but it\u0027s possible that other related\nbugs are still present or get added in the future. As the drivers need\nto check user input already, the possible impact is fairly low, but it\nmight still cause an information leak.\n\nTo be on the safe side, always clear the entire ioctl buffer before\ncalling the conversion handler functions that are meant to initialize\nthem.",
"id": "GHSA-3p2v-4qj8-6w5f",
"modified": "2025-03-06T15:34:35Z",
"published": "2024-05-21T15:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47339"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b53cca764f9b291b7907fcd39d9e66ad728ee0b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bfb48b54db25c3b4ef4bef5e0691464ebc4aa335"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dc02c0b2bd6096f2f3ce63e1fc317aeda05f74d8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3PJ9-HHGF-F53Q
Vulnerability from github – Published: 2025-10-24 21:31 – Updated: 2025-10-24 21:31In the Linux kernel, the following vulnerability has been resolved:
clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds.
There are two ways to fix it:
- Remove __init
- Remove EXPORT_SYMBOL
I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)
{
"affected": [],
"aliases": [
"CVE-2022-49726"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:48Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: hyper-v: unexport __init-annotated hv_init_clocksource()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\narch/x86/kernel/cpu/mshyperv.c is never compiled as modular.\n(CONFIG_HYPERVISOR_GUEST is boolean)",
"id": "GHSA-3pj9-hhgf-f53q",
"modified": "2025-10-24T21:31:09Z",
"published": "2025-10-24T21:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49726"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3PMW-H7MC-VXXQ
Vulnerability from github – Published: 2024-03-18 12:30 – Updated: 2025-03-10 18:31In the Linux kernel, the following vulnerability has been resolved:
ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
syzbot found __ip6_tnl_rcv() could access unitiliazed data [1].
Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head.
[1] BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline] INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline] IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321 ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727 __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845 ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888 gre_rcv+0x143f/0x1870 ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438 ip6_input_finish net/ipv6/ip6_input.c:483 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492 ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586 dst_input include/net/dst.h:461 [inline] ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79 NF_HOOK include/linux/netfilter.h:314 [inline] ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5532 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646 netif_receive_skb_internal net/core/dev.c:5732 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5791 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b
Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787 tun_alloc_skb drivers/net/tun.c:1531 [inline] tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2084 [inline] new_sync_write fs/read_write.c:497 [inline] vfs_write+0x786/0x1200 fs/read_write.c:590 ksys_write+0x20f/0x4c0 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:652 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b
CPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
{
"affected": [],
"aliases": [
"CVE-2024-26641"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-18T11:15:11Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\n\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\n\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb-\u003ehead.\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:461 [inline]\n ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n netif_receive_skb_internal net/core/dev.c:5732 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n tun_alloc_skb drivers/net/tun.c:1531 [inline]\n tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023",
"id": "GHSA-3pmw-h7mc-vxxq",
"modified": "2025-03-10T18:31:50Z",
"published": "2024-03-18T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26641"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0008"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3Q68-HM47-94VG
Vulnerability from github – Published: 2024-09-04 00:31 – Updated: 2025-11-04 00:31A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
{
"affected": [],
"aliases": [
"CVE-2024-45615"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-03T22:15:04Z",
"severity": "LOW"
},
"details": "A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.",
"id": "GHSA-3q68-hm47-94vg",
"modified": "2025-11-04T00:31:20Z",
"published": "2024-09-04T00:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45615"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-45615"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309285"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-3QVH-3PW4-RWQJ
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2010-2556"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-11T18:47:00Z",
"severity": "HIGH"
},
"details": "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"",
"id": "GHSA-3qvh-3pw4-rwqj",
"modified": "2022-05-13T01:03:31Z",
"published": "2022-05-13T01:03:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2556"
},
{
"type": "WEB",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3R8R-7QH7-3HH4
Vulnerability from github – Published: 2025-03-13 18:32 – Updated: 2025-08-19 15:31A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2025-1427"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-13T17:15:34Z",
"severity": "HIGH"
},
"details": "A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
"id": "GHSA-3r8r-7qh7-3hh4",
"modified": "2025-08-19T15:31:18Z",
"published": "2025-03-13T18:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1427"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3RMH-CWQH-9CRC
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2022-26370"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "HIGH"
},
"details": "On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-3rmh-cwqh-9crc",
"modified": "2022-05-14T00:01:38Z",
"published": "2022-05-06T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26370"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K51539421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V6F-R45V-H8FJ
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2023-12-20 09:30When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
{
"affected": [],
"aliases": [
"CVE-2023-32213"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:13Z",
"severity": "HIGH"
},
"details": "When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox \u003c 113, Firefox ESR \u003c 102.11, and Thunderbird \u003c 102.11.",
"id": "GHSA-3v6f-r45v-h8fj",
"modified": "2023-12-20T09:30:25Z",
"published": "2023-06-02T18:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32213"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826666"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202312-03"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-16"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-17"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-18"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3V9Q-M8X4-6CRJ
Vulnerability from github – Published: 2025-03-14 00:30 – Updated: 2025-03-14 00:30In the Linux kernel, the following vulnerability has been resolved:
rtl818x: Prevent using not initialized queues
Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum:
https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html
He also confirmed that this patch fixes the issue. In summary this happened:
After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a "divide error: 0000" when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in 2.10.
Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards.
rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch: idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries
"ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized.
{
"affected": [],
"aliases": [
"CVE-2022-49326"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:09Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtl818x: Prevent using not initialized queues\n\nUsing not existing queues can panic the kernel with rtl8180/rtl8185 cards.\nIgnore the skb priority for those cards, they only have one tx queue. Pierre\nAsselin (pa@panix.com) reported the kernel crash in the Gentoo forum:\n\nhttps://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html\n\nHe also confirmed that this patch fixes the issue. In summary this happened:\n\nAfter updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a\n\"divide error: 0000\" when connecting to an AP. Control port tx now tries to\nuse IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in\n2.10.\n\nSince only the rtl8187se part of the driver supports QoS, the priority\nof the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185\ncards.\n\nrtl8180 is then unconditionally reading out the priority and finally crashes on\ndrivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this\npatch:\n\tidx = (ring-\u003eidx + skb_queue_len(\u0026ring-\u003equeue)) % ring-\u003eentries\n\n\"ring-\u003eentries\" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got\ninitialized.",
"id": "GHSA-3v9q-m8x4-6crj",
"modified": "2025-03-14T00:30:51Z",
"published": "2025-03-14T00:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49326"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.