CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-R243-XCVF-H6CR
Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 21:31In the Linux kernel, the following vulnerability has been resolved:
media: cxusb: no longer judge rbuf when the write fails
syzbot reported a uninit-value in cxusb_i2c_xfer. [1]
Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greater than 0, the read operation of usb_bulk_msg() will be executed to read rlen bytes of data from the dvb device into the rbuf.
In this case, although rlen is 1, the write operation failed which resulted in the dvb read operation not being executed, and ultimately variable i was not initialized.
[1] BUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] BUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline] cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196 __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1 i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315 i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343 i2c_master_send include/linux/i2c.h:109 [inline] i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183 do_loop_readv_writev fs/read_write.c:848 [inline] vfs_writev+0x963/0x14e0 fs/read_write.c:1057 do_writev+0x247/0x5c0 fs/read_write.c:1101 __do_sys_writev fs/read_write.c:1169 [inline] __se_sys_writev fs/read_write.c:1166 [inline] __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166 x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
{
"affected": [],
"aliases": [
"CVE-2025-38229"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-04T14:15:32Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cxusb: no longer judge rbuf when the write fails\n\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\n\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\n\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\n cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n __i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\n i2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\n i2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\n i2c_master_send include/linux/i2c.h:109 [inline]\n i2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\n do_loop_readv_writev fs/read_write.c:848 [inline]\n vfs_writev+0x963/0x14e0 fs/read_write.c:1057\n do_writev+0x247/0x5c0 fs/read_write.c:1101\n __do_sys_writev fs/read_write.c:1169 [inline]\n __se_sys_writev fs/read_write.c:1166 [inline]\n __x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\n x64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"id": "GHSA-r243-xcvf-h6cr",
"modified": "2025-12-18T21:31:34Z",
"published": "2025-07-04T15:31:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38229"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04354c529c8246a38ae28f713fd6bfdc028113bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/390b864e3281802109dfe56e508396683e125653"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/41807a5f67420464ac8ee7741504f6b5decb3b7c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/73fb3b92da84637e3817580fa205d48065924e15"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/77829a5f5a74026b888b0529628475b29750cef4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84eca597baa346f09b30accdaeca10ced3eeba2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b35b50b7e98d8e9a0a27257c8424448afae10de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9bff888c92f5c25effbb876d22a793c2388c1ccc"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R2JH-H942-FGWW
Vulnerability from github – Published: 2025-03-07 09:30 – Updated: 2025-03-13 15:32In the Linux kernel, the following vulnerability has been resolved:
drm/panthor: avoid garbage value in panthor_ioctl_dev_query()
'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize 'priorities_info' to avoid this garbage value problem.
{
"affected": [],
"aliases": [
"CVE-2025-21843"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-07T09:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: avoid garbage value in panthor_ioctl_dev_query()\n\n\u0027priorities_info\u0027 is uninitialized, and the uninitialized value is copied\nto user object when calling PANTHOR_UOBJ_SET(). Using memset to initialize\n\u0027priorities_info\u0027 to avoid this garbage value problem.",
"id": "GHSA-r2jh-h942-fgww",
"modified": "2025-03-13T15:32:55Z",
"published": "2025-03-07T09:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21843"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b32b7f638fe61e9d29290960172f4e360e38233"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/64b95bbc08bacf3e4b05c8604e6a4fec43bb712a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R3Q8-XM3R-6V78
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-11 09:30In the Linux kernel, the following vulnerability has been resolved:
net: nfc: nci: Fix parameter validation for packet data
Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for packet data") communication with nci nfc chips is not working any more.
The mentioned commit tries to fix access of uninitialized data, but failed to understand that in some cases the data packet is of variable length and can therefore not be compared to the maximum packet length given by the sizeof(struct).
{
"affected": [],
"aliases": [
"CVE-2026-43291"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:36Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: nci: Fix parameter validation for packet data\n\nSince commit 9c328f54741b (\"net: nfc: nci: Add parameter validation for\npacket data\") communication with nci nfc chips is not working any more.\n\nThe mentioned commit tries to fix access of uninitialized data, but\nfailed to understand that in some cases the data packet is of variable\nlength and can therefore not be compared to the maximum packet length\ngiven by the sizeof(struct).",
"id": "GHSA-r3q8-xm3r-6v78",
"modified": "2026-05-11T09:30:29Z",
"published": "2026-05-08T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43291"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b91160e9a91b5a2662875417dc42dc5b0bf03ea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/498fc5d0d650c77e87fcc73808d4f43240c21805"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/571dcbeb8e635182bb825ae758399831805693c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a24a8a582da4426b2042e510a1080df84083b51d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad058a4317db7fdb3f09caa6ed536d24a62ce6a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c692db813a7e3b7c3c17d6e9a3ad2a018bf1142b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f5218426f765eee22e178df9c126d974792fb6a5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R475-J35V-6JMM
Vulnerability from github – Published: 2023-02-01 18:30 – Updated: 2023-02-09 15:30On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2023-22281"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-01T18:15:00Z",
"severity": "HIGH"
},
"details": "On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-r475-j35v-6jmm",
"modified": "2023-02-09T15:30:27Z",
"published": "2023-02-01T18:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22281"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K46048342"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R53H-JV2G-VPX6
Vulnerability from github – Published: 2024-02-22 19:34 – Updated: 2024-07-08 12:59A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.
Impact
When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm.
In the Helm SDK this is found when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation.
Patches
This issue has been resolved in Helm v3.14.2.
Workarounds
If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.
If using Helm SDK versions prior to 3.14.2, calls to affected functions can use recover to catch the panic.
For more information
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "helm.sh/helm/v3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-26147"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-22T19:34:47Z",
"nvd_published_at": "2024-02-21T23:15:08Z",
"severity": "HIGH"
},
"details": "A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.\n\n### Impact\n\nWhen either an `index.yaml` file or a plugins `plugin.yaml` file were missing all metadata a panic would occur in Helm.\n\nIn the Helm SDK this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation.\n\n### Patches\n\nThis issue has been resolved in Helm v3.14.2.\n\n### Workarounds\n\nIf a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem.\n\nIf using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.\n\n### For more information\n\nHelm\u0027s security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document.\n\n### Credits\n\nDisclosed by Jakub Ciolek at AlphaSense.",
"id": "GHSA-r53h-jv2g-vpx6",
"modified": "2024-07-08T12:59:50Z",
"published": "2024-02-22T19:34:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26147"
},
{
"type": "WEB",
"url": "https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af"
},
{
"type": "PACKAGE",
"url": "https://github.com/helm/helm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Helm\u0027s Missing YAML Content Leads To Panic"
}
GHSA-R553-V847-23PR
Vulnerability from github – Published: 2024-02-22 06:30 – Updated: 2024-08-01 15:31A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll parsed through Autodesk AutoCAD can be used to uninitialized variable. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
{
"affected": [],
"aliases": [
"CVE-2024-23137"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-22T05:15:09Z",
"severity": "HIGH"
},
"details": "A maliciously crafted STP or SLDPRT file when ODXSW_DLL.dll parsed through Autodesk AutoCAD can be used to uninitialized variable. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.",
"id": "GHSA-r553-v847-23pr",
"modified": "2024-08-01T15:31:27Z",
"published": "2024-02-22T06:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23137"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R67F-XMR7-94CC
Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-03-24 21:31Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4716"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T13:16:07Z",
"severity": "CRITICAL"
},
"details": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149 and Firefox ESR \u003c 140.9.",
"id": "GHSA-r67f-xmr7-94cc",
"modified": "2026-03-24T21:31:22Z",
"published": "2026-03-24T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4716"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R68F-7GXP-FM56
Vulnerability from github – Published: 2022-12-13 21:30 – Updated: 2022-12-19 15:30Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.
{
"affected": [],
"aliases": [
"CVE-2022-2950"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T21:15:00Z",
"severity": "HIGH"
},
"details": "Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.",
"id": "GHSA-r68f-7gxp-fm56",
"modified": "2022-12-19T15:30:29Z",
"published": "2022-12-13T21:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2950"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-284-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R6FF-2Q3C-V3PV
Vulnerability from github – Published: 2021-08-25 21:00 – Updated: 2021-08-09 17:13Affected versions of the pnet crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-09T17:13:06Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "Affected versions of the `pnet` crate were optimized out by compiler, which caused dereference of uninitialized file descriptor which caused segfault.",
"id": "GHSA-r6ff-2q3c-v3pv",
"modified": "2021-08-09T17:13:06Z",
"published": "2021-08-25T21:00:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/libpnet/libpnet/issues/449"
},
{
"type": "WEB",
"url": "https://github.com/libpnet/libpnet/pull/455"
},
{
"type": "PACKAGE",
"url": "https://github.com/libpnet/libpnet"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2019-0037.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Compiler optimisation leads to SEGFAULT"
}
GHSA-R77M-FR9V-2JVR
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-3989"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-05T23:29:00Z",
"severity": "MODERATE"
},
"details": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.",
"id": "GHSA-r77m-fr9v-2jvr",
"modified": "2022-05-13T01:01:47Z",
"published": "2022-05-13T01:01:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3989"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.