Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-R79F-F2R8-HW82

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-26T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.",
  "id": "GHSA-r79f-f2r8-hw82",
  "modified": "2022-05-24T17:48:52Z",
  "published": "2022-05-24T17:48:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21218"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1166478"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202104-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2021/dsa-4906"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R7RJ-FP7W-X8R3

Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00
VLAI
Details

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-34655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-457",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-04T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-r7rj-fp7w-x8r3",
  "modified": "2022-08-11T00:00:19Z",
  "published": "2022-08-05T00:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34655"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K93504311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R83V-RMQ7-R5M4

Vulnerability from github – Published: 2025-03-04 15:31 – Updated: 2025-03-05 00:30
VLAI
Details

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-04T14:15:39Z",
    "severity": "MODERATE"
  },
  "details": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox \u003c 136.",
  "id": "GHSA-r83v-rmq7-r5m4",
  "modified": "2025-03-05T00:30:34Z",
  "published": "2025-03-04T15:31:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1942"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-14"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-17"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9CG-795W-R2QR

Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2025-09-22 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix crash when mount with quota enabled

There is a reported crash when mounting ocfs2 with quota enabled.

RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2] Call Trace: ocfs2_local_read_info+0xb9/0x6f0 [ocfs2] dquot_load_quota_sb+0x216/0x470 dquot_load_quota_inode+0x85/0x100 ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2] ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2] mount_bdev+0x185/0x1b0 legacy_get_tree+0x27/0x40 vfs_get_tree+0x25/0xb0 path_mount+0x465/0xac0 __x64_sys_mount+0x103/0x140

It is caused by when initializing dqi_gqlock, the corresponding dqi_type and dqi_sb are not properly initialized.

This issue is introduced by commit 6c85c2c72819, which wants to avoid accessing uninitialized variables in error cases. So make global quota info properly initialized.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49274"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix crash when mount with quota enabled\n\nThere is a reported crash when mounting ocfs2 with quota enabled.\n\n  RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 [ocfs2]\n  Call Trace:\n    ocfs2_local_read_info+0xb9/0x6f0 [ocfs2]\n    dquot_load_quota_sb+0x216/0x470\n    dquot_load_quota_inode+0x85/0x100\n    ocfs2_enable_quotas+0xa0/0x1c0 [ocfs2]\n    ocfs2_fill_super.cold+0xc8/0x1bf [ocfs2]\n    mount_bdev+0x185/0x1b0\n    legacy_get_tree+0x27/0x40\n    vfs_get_tree+0x25/0xb0\n    path_mount+0x465/0xac0\n    __x64_sys_mount+0x103/0x140\n\nIt is caused by when initializing dqi_gqlock, the corresponding dqi_type\nand dqi_sb are not properly initialized.\n\nThis issue is introduced by commit 6c85c2c72819, which wants to avoid\naccessing uninitialized variables in error cases.  So make global quota\ninfo properly initialized.",
  "id": "GHSA-r9cg-795w-r2qr",
  "modified": "2025-09-22T21:30:16Z",
  "published": "2025-09-22T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49274"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/01931e1c4e3de5d777253acae64c0e8fd071a1dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c5312fdb1dcfdc1951b018669af88d5d6420b31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de19433423c7bedabbd4f9a25f7dbc62c5e78921"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eda31f77317647b9fbf889779ee1fb6907651865"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RF5F-Q4MX-QC4V

Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35
VLAI
Details

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-29371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-28T07:15:00Z",
    "severity": "LOW"
  },
  "details": "An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.",
  "id": "GHSA-rf5f-q4mx-qc4v",
  "modified": "2022-05-24T17:35:03Z",
  "published": "2022-05-24T17:35:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29371"
    },
    {
      "type": "WEB",
      "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2077"
    },
    {
      "type": "WEB",
      "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2935e0a3cec1ffa558eea90db6279cff83aa3592"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcf85fcedfdd17911982a3e3564fcfec7b01eebd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RFCQ-Q5WV-MPCG

Vulnerability from github – Published: 2025-10-04 09:30 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Set merge to zero early in af_alg_sendmsg

If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done.

Fix this by setting ctx->merge to zero near the start of the loop.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T08:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Set merge to zero early in af_alg_sendmsg\n\nIf an error causes af_alg_sendmsg to abort, ctx-\u003emerge may contain\na garbage value from the previous loop.  This may then trigger a\ncrash on the next entry into af_alg_sendmsg when it attempts to do\na merge that can\u0027t be done.\n\nFix this by setting ctx-\u003emerge to zero near the start of the loop.",
  "id": "GHSA-rfcq-q5wv-mpcg",
  "modified": "2026-07-14T15:31:28Z",
  "published": "2025-10-04T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39931"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/045ee26aa3920a47ec46d7fcb302420bf01fd753"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2374c11189ef704a3e4863646369f1b8e6a27d71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24c1106504c625fabd3b7229611af617b4c27ac7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/28f6f37abca7c5c9eb3959c66310f1d4d98b8aaf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf5beddf088dc1b8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db2b42425dfbde4983b0c20fb7cfa05f70e6a745"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RFHV-V778-G5C3

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-10-07 18:15
VLAI
Details

A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-10732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-12T14:15:00Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in the Linux kernel\u0027s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
  "id": "GHSA-rfhv-v778-g5c3",
  "modified": "2022-10-07T18:15:55Z",
  "published": "2022-05-24T17:20:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10732"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/kmsan/issues/76"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ruscur/linux/commit/a95cdec9fa0c08e6eeb410d461c03af8fd1fef0a"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4485-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4440-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4439-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4427-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4411-1"
    },
    {
      "type": "WEB",
      "url": "https://twitter.com/grsecurity/status/1252558055629299712"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210129-0005"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg@mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/lkml/CAG_fn=VZZ7yUxtOGzuTLkr7wmfXWtKK9BHHYawj=rt9XWnCYvg%40mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=aca969cacf07f41070d788ce2b8ca71f09d5207d"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10732"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831399"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-10732"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4609"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4431"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4062"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:4060"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RG4M-GWW5-7P47

Vulnerability from github – Published: 2021-08-25 20:54 – Updated: 2021-08-19 17:14
VLAI
Summary
Free of uninitialized memory in adtensor
Details

An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "adtensor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:14:41Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix.",
  "id": "GHSA-rg4m-gww5-7p47",
  "modified": "2021-08-19T17:14:41Z",
  "published": "2021-08-25T20:54:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29936"
    },
    {
      "type": "WEB",
      "url": "https://github.com/charles-r-earp/adtensor/issues/4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/charles-r-earp/adtensor"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Free of uninitialized memory in adtensor"
}

GHSA-RH89-X75F-RH3C

Vulnerability from github – Published: 2021-08-25 20:44 – Updated: 2023-06-13 18:43
VLAI
Summary
Exposure of uninitialized memory in memoffset
Details

Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "memoffset"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-15553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:23:41Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of this crate caused traps and/or memory unsafety by zero-initializing references. They also could lead to uninitialized memory being dropped if the field for which the offset is requested was behind a deref coercion, and that deref coercion caused a panic. The flaw was corrected by using MaybeUninit.",
  "id": "GHSA-rh89-x75f-rh3c",
  "modified": "2023-06-13T18:43:22Z",
  "published": "2021-08-25T20:44:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15553"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Gilnaa/memoffset"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2019-0011.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of uninitialized memory in memoffset"
}

GHSA-RHJ5-4QQQ-64C2

Vulnerability from github – Published: 2024-11-20 00:32 – Updated: 2024-11-20 18:32
VLAI
Details

In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-9420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-19T22:15:19Z",
    "severity": "MODERATE"
  },
  "details": "In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-rhj5-4qqq-64c2",
  "modified": "2024-11-20T18:32:16Z",
  "published": "2024-11-20T00:32:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9420"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2018-07-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.