Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-3VV3-FRRQ-6486

Vulnerability from github – Published: 2021-08-25 20:59 – Updated: 2021-08-24 19:10
VLAI
Summary
Use of Uninitialized Resource in alg_ds
Details

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. Matrix::new() internally calls Matrix::fill_with() which uses *ptr = value pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "alg_ds"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-36432"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665",
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-09T21:22:58Z",
    "nvd_published_at": "2021-08-08T06:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. `Matrix::new()` internally calls `Matrix::fill_with()` which uses `*ptr = value` pattern to initialize the buffer. This pattern assumes that there is an initialized struct at the address and drops it, which results in dropping of uninitialized struct.",
  "id": "GHSA-3vv3-frrq-6486",
  "modified": "2021-08-24T19:10:18Z",
  "published": "2021-08-25T20:59:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36432"
    },
    {
      "type": "PACKAGE",
      "url": "https://gitlab.com/dvshapkin/alg-ds"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/dvshapkin/alg-ds/-/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2020-0033.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Uninitialized Resource in alg_ds"
}

GHSA-3W4C-53GW-R9PV

Vulnerability from github – Published: 2024-10-10 18:31 – Updated: 2024-10-17 15:31
VLAI
Details

Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-47966"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-457",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-10T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.",
  "id": "GHSA-3w4c-53gw-r9pv",
  "modified": "2024-10-17T15:31:08Z",
  "published": "2024-10-10T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47966"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-284-21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-3W7Q-WCHX-RF5P

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ath9k_htc: fix uninit value bugs

Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization.

In htc_connect_service() svc_meta_len and pad are not initialized. Based on code it looks like in current skb there is no service data, so simply initialize svc_meta_len to 0.

htc_issue_send() does not initialize htc_frame_hdr::control array. Based on firmware code, it will initialize it by itself, so simply zero whole array to make KMSAN happy

Fail logs:

BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ...

Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [inline] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ...

Bytes 4-7 of 18 are uninitialized Memory access of size 18 starts at ffff888027377e00

BUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430 hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline] hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479 htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline] htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275 ...

Uninit was created at: slab_post_alloc_hook mm/slab.h:524 [inline] slab_alloc_node mm/slub.c:3251 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1126 [inline] htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258 ...

Bytes 16-17 of 18 are uninitialized Memory access of size 18 starts at ffff888027377e00

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49235"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:00Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nath9k_htc: fix uninit value bugs\n\nSyzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing\nfield initialization.\n\nIn htc_connect_service() svc_meta_len and pad are not initialized. Based\non code it looks like in current skb there is no service data, so simply\ninitialize svc_meta_len to 0.\n\nhtc_issue_send() does not initialize htc_frame_hdr::control array. Based\non firmware code, it will initialize it by itself, so simply zero whole\narray to make KMSAN happy\n\nFail logs:\n\nBUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 4-7 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00\n\nBUG: KMSAN: kernel-usb-infoleak in usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n usb_submit_urb+0x6c1/0x2aa0 drivers/usb/core/urb.c:430\n hif_usb_send_regout drivers/net/wireless/ath/ath9k/hif_usb.c:127 [inline]\n hif_usb_send+0x5f0/0x16f0 drivers/net/wireless/ath/ath9k/hif_usb.c:479\n htc_issue_send drivers/net/wireless/ath/ath9k/htc_hst.c:34 [inline]\n htc_connect_service+0x143e/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:275\n...\n\nUninit was created at:\n slab_post_alloc_hook mm/slab.h:524 [inline]\n slab_alloc_node mm/slub.c:3251 [inline]\n __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974\n kmalloc_reserve net/core/skbuff.c:354 [inline]\n __alloc_skb+0x545/0xf90 net/core/skbuff.c:426\n alloc_skb include/linux/skbuff.h:1126 [inline]\n htc_connect_service+0x1029/0x1960 drivers/net/wireless/ath/ath9k/htc_hst.c:258\n...\n\nBytes 16-17 of 18 are uninitialized\nMemory access of size 18 starts at ffff888027377e00",
  "id": "GHSA-3w7q-wchx-rf5p",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49235"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0b700f7d06492de34964b6f414120043364f8191"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11f11ac281f0c0b363d2940204f28bae0422ed71"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4d244b731188e0b63fc40a9d2dec72e9181fb37c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5abf2b761b998063f5e2bae93fd4ab10e2a80f10"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5c2a6a8daa17a3f65b38b9a5574bb362c13fa1d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7da6169b6ebb75816b57be3beb829afa74f3b4b6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d1e0df1c57bd30871dd1c855742a7c346dbca853"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e352acdd378e9263cc4c6018e588f2dac7161d07"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ee4222052a76559c20e821bc3519cefb58b6d3e9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-3WCQ-X3MQ-6R9P

Vulnerability from github – Published: 2021-05-24 19:51 – Updated: 2021-05-26 20:11
VLAI
Summary
Potential memory exposure in dns-packet
Details

This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "dns-packet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "5.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "dns-packet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23386"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-21T18:07:04Z",
    "nvd_published_at": "2021-05-20T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.",
  "id": "GHSA-3wcq-x3mq-6r9p",
  "modified": "2021-05-26T20:11:00Z",
  "published": "2021-05-24T19:51:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23386"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/bugs?subject=user\u0026amp%3Breport_id=968858"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential memory exposure in dns-packet"
}

GHSA-3X3Q-3C9J-4X72

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-05 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

Input: iforce - invert valid length check when fetching device IDs

syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes to read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:02Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: iforce - invert valid length check when fetching device IDs\n\nsyzbot is reporting uninitialized value at iforce_init_device() [1], for\ncommit 6ac0aec6b0a6 (\"Input: iforce - allow callers supply data buffer\nwhen fetching device IDs\") is checking that valid length is shorter than\nbytes to read. Since iforce_get_id_packet() stores valid length when\nreturning 0, the caller needs to check that valid length is longer than or\nequals to bytes to read.",
  "id": "GHSA-3x3q-3c9j-4x72",
  "modified": "2025-11-05T15:31:01Z",
  "published": "2025-05-01T15:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49790"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/24cc679abbf31477d0cc6106ec83c2fbae6b3cdf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5d53797ce7ce8fb1d95a5bebc5efa9418c4217a3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6365569d62a75ddf53fb0c2936c16587a365984c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b8ebf250997c5fb253582f42bfe98673801ebebd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fdd57c20d4408cac3c3c535c120d244e083406c9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4296-MCPH-C48G

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-05-24 17:49
VLAI
Details

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-29T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12131.",
  "id": "GHSA-4296-mcph-c48g",
  "modified": "2022-05-24T17:49:07Z",
  "published": "2022-05-24T17:49:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31417"
    },
    {
      "type": "WEB",
      "url": "https://kb.parallels.com/en/125013"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-426"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-42WQ-32P9-MF48

Vulnerability from github – Published: 2024-12-29 12:30 – Updated: 2025-11-03 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware.

When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-29T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: check if __rtc_read_time was successful in rtc_timer_do_work()\n\nIf the __rtc_read_time call fails,, the struct rtc_time tm; may contain\nuninitialized data, or an illegal date/time read from the RTC hardware.\n\nWhen calling rtc_tm_to_ktime later, the result may be a very large value\n(possibly KTIME_MAX). If there are periodic timers in rtc-\u003etimerqueue,\nthey will continually expire, may causing kernel softlockup.",
  "id": "GHSA-42wq-32p9-mf48",
  "modified": "2025-11-03T21:32:02Z",
  "published": "2024-12-29T12:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56739"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-42X2-72V8-6Q9V

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-17 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

regulator: da9121: Fix uninit-value in da9121_assign_chip_model()

KASAN report slab-out-of-bounds in __regmap_init as follows:

BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841 Read of size 1 at addr ffff88803678cdf1 by task xrun/9137

CPU: 0 PID: 9137 Comm: xrun Tainted: G W 5.18.0-rc2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88 print_report.cold+0xcd/0x69b mm/kasan/report.c:313 kasan_report+0x8e/0xc0 mm/kasan/report.c:491 __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841 __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266 __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394 da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039 i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563

This happend when da9121 device is probe by da9121_i2c_id, but with invalid dts. Thus, chip->subvariant_id is set to -EINVAL, and later da9121_assign_chip_model() will access 'regmap' without init it.

Fix it by return -EINVAL from da9121_assign_chip_model() if 'chip->subvariant_id' is invalid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49507"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:01:26Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: da9121: Fix uninit-value in da9121_assign_chip_model()\n\nKASAN report slab-out-of-bounds in __regmap_init as follows:\n\nBUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841\nRead of size 1 at addr ffff88803678cdf1 by task xrun/9137\n\nCPU: 0 PID: 9137 Comm: xrun Tainted: G        W         5.18.0-rc2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xe8/0x15a lib/dump_stack.c:88\n print_report.cold+0xcd/0x69b mm/kasan/report.c:313\n kasan_report+0x8e/0xc0 mm/kasan/report.c:491\n __regmap_init+0x4540/0x4ba0 drivers/base/regmap/regmap.c:841\n __devm_regmap_init+0x7a/0x100 drivers/base/regmap/regmap.c:1266\n __devm_regmap_init_i2c+0x65/0x80 drivers/base/regmap/regmap-i2c.c:394\n da9121_i2c_probe+0x386/0x6d1 drivers/regulator/da9121-regulator.c:1039\n i2c_device_probe+0x959/0xac0 drivers/i2c/i2c-core-base.c:563\n\nThis happend when da9121 device is probe by da9121_i2c_id, but with\ninvalid dts. Thus, chip-\u003esubvariant_id is set to -EINVAL, and later\nda9121_assign_chip_model() will access \u0027regmap\u0027 without init it.\n\nFix it by return -EINVAL from da9121_assign_chip_model() if\n\u0027chip-\u003esubvariant_id\u0027 is invalid.",
  "id": "GHSA-42x2-72v8-6q9v",
  "modified": "2025-03-17T18:31:51Z",
  "published": "2025-03-17T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49507"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/60f21eda69f1b5727a97d2077da766eb27fcc21f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7da64c7c82c9b29b628a62c88a8c2fb06990563d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bab76514aca36bc513224525d5598da676938218"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be96baa0c79588084e0d7a4fa21c574cec9a57f4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-436W-WV2W-Q46V

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-11260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",
  "id": "GHSA-436w-wv2w-q46v",
  "modified": "2022-05-24T19:04:42Z",
  "published": "2022-05-24T19:04:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11260"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-43W3-FXW8-8M47

Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21
VLAI
Details

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12864"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-24T13:15:00Z",
    "severity": "LOW"
  },
  "details": "An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.",
  "id": "GHSA-43w3-fxw8-8m47",
  "modified": "2022-05-24T17:21:34Z",
  "published": "2022-05-24T17:21:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12864"
    },
    {
      "type": "WEB",
      "url": "https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4470-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.