Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-39Q5-4VQC-9P73

Vulnerability from github – Published: 2025-08-19 18:31 – Updated: 2026-01-09 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

pptp: ensure minimal skb length in pptp_xmit()

Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge()

We need a similar fix in pptp_xmit(), otherwise we might read uninit data as reported by syzbot.

BUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline] ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314 pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148 __release_sock+0x1d3/0x330 net/core/sock.c:3213 release_sock+0x6b/0x270 net/core/sock.c:3767 pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x330/0x3d0 net/socket.c:727 _syssendmsg+0x893/0xd80 net/socket.c:2566 _sys_sendmsg+0x271/0x3b0 net/socket.c:2620 __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38574"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-19T17:15:34Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npptp: ensure minimal skb length in pptp_xmit()\n\nCommit aabc6596ffb3 (\"net: ppp: Add bound checking for skb data\non ppp_sync_txmung\") fixed ppp_sync_txmunge()\n\nWe need a similar fix in pptp_xmit(), otherwise we might\nread uninit data as reported by syzbot.\n\nBUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n  pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n  ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]\n  ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314\n  pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379\n  sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n  __release_sock+0x1d3/0x330 net/core/sock.c:3213\n  release_sock+0x6b/0x270 net/core/sock.c:3767\n  pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904\n  sock_sendmsg_nosec net/socket.c:712 [inline]\n  __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n  ____sys_sendmsg+0x893/0xd80 net/socket.c:2566\n  ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n  __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709",
  "id": "GHSA-39q5-4vqc-9p73",
  "modified": "2026-01-09T15:30:22Z",
  "published": "2025-08-19T18:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38574"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1a04db0fd75cb6034fc27a56b67b3b8b9022a98c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/26672f1679b143aa34fca0b6046b7fd0c184770d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5005d24377378a20e5c0e53052fc4ebdcdcbc611"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/504cc4ab91073d2ac7404ad146139f86ecee7193"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5de7513f38f3c19c0610294ee478242bea356f8c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/97b8c5d322c5c0038cac4bc56fdbe237d0be426f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b7dcda76fd0615c0599c89f36873a6cd48e02dbb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/de9c4861fb42f0cd72da844c3c34f692d5895b7b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ea99b88b1999ebcb24d5d3a6b7910030f40d3bba"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3CCP-5V4P-6XPQ

Vulnerability from github – Published: 2025-12-12 09:30 – Updated: 2025-12-12 09:30
VLAI
Details

A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-40829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-12T09:15:49Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27146)",
  "id": "GHSA-3ccp-5v4p-6xpq",
  "modified": "2025-12-12T09:30:20Z",
  "published": "2025-12-12T09:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40829"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-512988.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3FFP-FFXG-JV46

Vulnerability from github – Published: 2024-09-18 09:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup

Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel panic.

? page_fault_oops+0x136/0x2b0 ? page_counter_cancel+0x2e/0x80 ? do_user_addr_fault+0x2f2/0x640 ? refill_obj_stock+0xc4/0x110 ? exc_page_fault+0x71/0x160 ? asm_exc_page_fault+0x27/0x30 ? __mmdrop+0x10/0x180 ? __mmdrop+0xec/0x180 ? hrtimer_active+0xd/0x50 hrtimer_try_to_cancel+0x2c/0xf0 hrtimer_cancel+0x15/0x30 napi_disable+0x65/0x90 mana_destroy_rxq+0x4c/0x2f0 mana_create_rxq.isra.0+0x56c/0x6d0 ? mana_uncfg_vport+0x50/0x50 mana_alloc_queues+0x21b/0x320 ? skb_dequeue+0x5f/0x80

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46784"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-18T08:15:05Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix error handling in mana_create_txq/rxq\u0027s NAPI cleanup\n\nCurrently napi_disable() gets called during rxq and txq cleanup,\neven before napi is enabled and hrtimer is initialized. It causes\nkernel panic.\n\n? page_fault_oops+0x136/0x2b0\n  ? page_counter_cancel+0x2e/0x80\n  ? do_user_addr_fault+0x2f2/0x640\n  ? refill_obj_stock+0xc4/0x110\n  ? exc_page_fault+0x71/0x160\n  ? asm_exc_page_fault+0x27/0x30\n  ? __mmdrop+0x10/0x180\n  ? __mmdrop+0xec/0x180\n  ? hrtimer_active+0xd/0x50\n  hrtimer_try_to_cancel+0x2c/0xf0\n  hrtimer_cancel+0x15/0x30\n  napi_disable+0x65/0x90\n  mana_destroy_rxq+0x4c/0x2f0\n  mana_create_rxq.isra.0+0x56c/0x6d0\n  ? mana_uncfg_vport+0x50/0x50\n  mana_alloc_queues+0x21b/0x320\n  ? skb_dequeue+0x5f/0x80",
  "id": "GHSA-3ffp-ffxg-jv46",
  "modified": "2025-11-04T00:31:29Z",
  "published": "2024-09-18T09:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46784"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/386617efacab10bf5bb40bde403467c57cc00470"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4982a47154f0b50de81ee0a0b169a3fc74120a65"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9178eb8ebcd887ab75e54ac40d538e54bb9c7788"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9e0bff4900b5d412a9bafe4baeaa6facd34f671c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b6ecc662037694488bfff7c9fd21c405df8411f2"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FH4-4HV7-69QH

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-01-23 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Clean up si_domain in the init_dmars() error path

A splat from kmem_cache_destroy() was seen with a kernel prior to commit ee2653bbe89d ("iommu/vt-d: Remove domain and devinfo mempool") when there was a failure in init_dmars(), because the iommu_domain cache still had objects. While the mempool code is now gone, there still is a leak of the si_domain memory if init_dmars() fails. So clean up si_domain in the init_dmars() error path.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-50482"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:44Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Clean up si_domain in the init_dmars() error path\n\nA splat from kmem_cache_destroy() was seen with a kernel prior to\ncommit ee2653bbe89d (\"iommu/vt-d: Remove domain and devinfo mempool\")\nwhen there was a failure in init_dmars(), because the iommu_domain\ncache still had objects. While the mempool code is now gone, there\nstill is a leak of the si_domain memory if init_dmars() fails. So\nclean up si_domain in the init_dmars() error path.",
  "id": "GHSA-3fh4-4hv7-69qh",
  "modified": "2026-01-23T21:30:37Z",
  "published": "2025-10-04T18:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50482"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0365d6af75f9f2696e94a0fef24a2c8464c037c8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5cecfe151874b835331efe086bbdcaeaf64f6b90"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/620bf9f981365c18cc2766c53d92bf8131c63f32"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/724483b585a1b1e063d42ac5aa835707ff2ec165"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/749bea542b67513e99240dc58bbfc099e842d508"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4ad3ae4c6be9d8b0701761c839771116bca6ea3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d74196bb278b8f8af88e16bd595997dfa3d6fdb0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3FJH-2RCV-9CFC

Vulnerability from github – Published: 2025-07-04 15:31 – Updated: 2025-12-18 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

media: imx-jpeg: Cleanup after an allocation error

When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized and cause NULL pointer dereferences. Ensure proper cleanup of failed allocations to prevent these issues.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-38225"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-04T14:15:31Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: imx-jpeg: Cleanup after an allocation error\n\nWhen allocation failures are not cleaned up by the driver, further\nallocation errors will be false-positives, which will cause buffers to\nremain uninitialized and cause NULL pointer dereferences.\nEnsure proper cleanup of failed allocations to prevent these issues.",
  "id": "GHSA-3fjh-2rcv-9cfc",
  "modified": "2025-12-18T21:31:34Z",
  "published": "2025-07-04T15:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38225"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0ee9469f818a0b4de3c0e7aecd733c103820d181"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d0efe7d35c75394f32ff9d0650a007642d23857"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7500bb9cf164edbb2c8117d57620227b1a4a8369"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b89ff9cf37ff59399f850d5f7781ef78fc37679f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec26be7d6355a05552a0d0c1e73031f83aa4dc7f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3GX2-PFP9-4W2V

Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2022-05-13 01:03
VLAI
Details

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-1964"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-08-10T21:55:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"Style Object Memory Corruption Vulnerability.\"",
  "id": "GHSA-3gx2-pfp9-4w2v",
  "modified": "2022-05-13T01:03:27Z",
  "published": "2022-05-13T01:03:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1964"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-057"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12617"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-3J78-PF43-6MVQ

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-02 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_exthdr: fix register tracking for F_PRESENT flag

nft_exthdr_init() passes user-controlled priv->len to nft_parse_register_store(), which marks that many bytes in the register bitmap as initialized. However, when NFT_EXTHDR_F_PRESENT is set, the eval paths write only 1 byte (nft_reg_store8) or 4 bytes (*dest = 0 on TCP/DCCP error path). When len > 4, registers beyond the first are never written, retaining uninitialized stack data from nft_regs.

Bail out if userspace requests too much data when F_PRESENT is set.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_exthdr: fix register tracking for F_PRESENT flag\n\nnft_exthdr_init() passes user-controlled priv-\u003elen to\nnft_parse_register_store(), which marks that many bytes in the\nregister bitmap as initialized.  However, when NFT_EXTHDR_F_PRESENT\nis set, the eval paths write only 1 byte (nft_reg_store8) or\n4 bytes (*dest = 0 on TCP/DCCP error path).  When len \u003e 4,\nregisters beyond the first are never written, retaining\nuninitialized stack data from nft_regs.\n\nBail out if userspace requests too much data when F_PRESENT is set.",
  "id": "GHSA-3j78-pf43-6mvq",
  "modified": "2026-07-02T21:32:05Z",
  "published": "2026-06-25T09:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/19748967d59c31d24d21d40b728570788310b237"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46fc15a044e9938e7ea77786fb37edd2cd74f031"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67b27434c43b68a97becda98c9f0c8cf6cba2134"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/772cecf198da732faebb5dcfc46d66a505be8495"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/78069a6d8bc86c9e036eb82c2af4a19cc1871a53"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8738b1b6d0e639ca1fc0f61516afd3557ac4ecc6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cd513e43b4b2bd1de39e2367bc4261c699a8652f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f08fb3d42fd3aad0b7a263da3ac3ebaf0845e265"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3J7X-GH3J-GHQJ

Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
VLAI
Details

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9098"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-19T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.",
  "id": "GHSA-3j7x-gh3j-ghqj",
  "modified": "2022-05-13T01:10:29Z",
  "published": "2022-05-13T01:10:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9098"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html"
    },
    {
      "type": "WEB",
      "url": "http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3863"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98593"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3JGJ-55Q7-3RWV

Vulnerability from github – Published: 2025-09-17 15:30 – Updated: 2025-12-11 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/sched: Check scheduler work queue before calling timeout handling

During an IGT GPU reset test we see again oops despite of commit 0c8c901aaaebc9 (drm/sched: Check scheduler ready before calling timeout handling).

It uses ready condition whether to call drm_sched_fault which unwind the TDR leads to GPU reset. However it looks the ready condition is overloaded with other meanings, for example, for the following stack is related GPU reset :

0 gfx_v9_0_cp_gfx_start 1 gfx_v9_0_cp_gfx_resume 2 gfx_v9_0_cp_resume 3 gfx_v9_0_hw_init 4 gfx_v9_0_resume 5 amdgpu_device_ip_resume_phase2

does the following: / start the ring / gfx_v9_0_cp_gfx_start(adev); ring->sched.ready = true;

The same approach is for other ASICs as well : gfx_v8_0_cp_gfx_resume gfx_v10_0_kiq_resume, etc...

As a result, our GPU reset test causes GPU fault which calls unconditionally gfx_v9_0_fault and then drm_sched_fault. However now it depends on whether the interrupt service routine drm_sched_fault is executed after gfx_v9_0_cp_gfx_start is completed which sets the ready field of the scheduler to true even for uninitialized schedulers and causes oops vs no fault or when ISR drm_sched_fault is completed prior gfx_v9_0_cp_gfx_start and NULL pointer dereference does not occur.

Use the field timeout_wq to prevent oops for uninitialized schedulers. The field could be initialized by the work queue of resetting the domain.

v1: Corrections to commit message (Luben)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T15:15:39Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Check scheduler work queue before calling timeout handling\n\nDuring an IGT GPU reset test we see again oops despite of\ncommit 0c8c901aaaebc9 (drm/sched: Check scheduler ready before calling\ntimeout handling).\n\nIt uses ready condition whether to call drm_sched_fault which unwind\nthe TDR leads to GPU reset.\nHowever it looks the ready condition is overloaded with other meanings,\nfor example, for the following stack is related GPU reset :\n\n0  gfx_v9_0_cp_gfx_start\n1  gfx_v9_0_cp_gfx_resume\n2  gfx_v9_0_cp_resume\n3  gfx_v9_0_hw_init\n4  gfx_v9_0_resume\n5  amdgpu_device_ip_resume_phase2\n\ndoes the following:\n\t/* start the ring */\n\tgfx_v9_0_cp_gfx_start(adev);\n\tring-\u003esched.ready = true;\n\nThe same approach is for other ASICs as well :\ngfx_v8_0_cp_gfx_resume\ngfx_v10_0_kiq_resume, etc...\n\nAs a result, our GPU reset test causes GPU fault which calls unconditionally gfx_v9_0_fault\nand then drm_sched_fault. However now it depends on whether the interrupt service routine\ndrm_sched_fault is executed after gfx_v9_0_cp_gfx_start is completed which sets the ready\nfield of the scheduler to true even  for uninitialized schedulers and causes oops vs\nno fault or when ISR  drm_sched_fault is completed prior  gfx_v9_0_cp_gfx_start and\nNULL pointer dereference does not occur.\n\nUse the field timeout_wq  to prevent oops for uninitialized schedulers.\nThe field could be initialized by the work queue of resetting the domain.\n\nv1: Corrections to commit message (Luben)",
  "id": "GHSA-3jgj-55q7-3rwv",
  "modified": "2025-12-11T15:30:30Z",
  "published": "2025-09-17T15:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53351"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2da5bffe9eaa5819a868e8eaaa11b3fd0f16a691"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c43a96fc00b662cef1ef0eb22d40441ce2abae8f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3MF3-2GV9-H39J

Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2023-06-13 18:44
VLAI
Summary
Uninitialized buffer use in marc
Details

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. (Record::read()). Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior. This flaw was fixed in commit 6299af0 by zero-initializing the newly allocated memory (via data.resize(len, 0)) instead of exposing uninitialized memory (unsafe { data.set_len(len) }).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "marc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-26308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:52:28Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. (Record::read()). Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior. This flaw was fixed in commit 6299af0 by zero-initializing the newly allocated memory (via data.resize(len, 0)) instead of exposing uninitialized memory (unsafe { data.set_len(len) }).",
  "id": "GHSA-3mf3-2gv9-h39j",
  "modified": "2023-06-13T18:44:34Z",
  "published": "2021-08-25T20:53:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26308"
    },
    {
      "type": "WEB",
      "url": "https://github.com/blackbeam/rust-marc/issues/7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/blackbeam/rust-marc/commit/6299af0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/blackbeam/rust-marc"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0014.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Uninitialized buffer use in marc"
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.