CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-9F2X-6R69-376X
Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21851.
{
"affected": [],
"aliases": [
"CVE-2023-42079"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-03T03:15:43Z",
"severity": "LOW"
},
"details": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21851.",
"id": "GHSA-9f2x-6r69-376x",
"modified": "2024-05-03T03:31:01Z",
"published": "2024-05-03T03:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42079"
},
{
"type": "WEB",
"url": "https://www.tracker-software.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9F5J-4XXX-236Q
Vulnerability from github – Published: 2025-08-12 18:31 – Updated: 2025-08-12 18:31Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2025-53719"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-12T18:15:40Z",
"severity": "MODERATE"
},
"details": "Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.",
"id": "GHSA-9f5j-4xxx-236q",
"modified": "2025-08-12T18:31:31Z",
"published": "2025-08-12T18:31:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53719"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53719"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9F5R-VQM5-M342
Vulnerability from github – Published: 2021-08-25 20:53 – Updated: 2023-06-13 20:06Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
The flaw was fixed in commit 599313b by zero-initializing the buffer (via self.buf.resize(len, 0)) before passing it to Read.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ms3d"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-26952"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-19T17:44:22Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.\n\nThe flaw was fixed in commit `599313b` by zero-initializing the buffer (via self.buf.resize(len, 0)) before passing it to Read.",
"id": "GHSA-9f5r-vqm5-m342",
"modified": "2023-06-13T20:06:12Z",
"published": "2021-08-25T20:53:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26952"
},
{
"type": "WEB",
"url": "https://github.com/andrewhickman/ms3d/issues/1"
},
{
"type": "WEB",
"url": "https://github.com/andrewhickman/ms3d/commit/599313b"
},
{
"type": "PACKAGE",
"url": "https://github.com/andrewhickman/ms3d"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0016.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Use of Uninitialized Resource in ms3d"
}
GHSA-9F85-R865-9X32
Vulnerability from github – Published: 2024-08-17 12:30 – Updated: 2025-02-03 18:30In the Linux kernel, the following vulnerability has been resolved:
crypto: mxs-dcp - Ensure payload is zero when using key slot
We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. Fix this by ensuring the payload field is set to 0 in such cases.
This does not affect the common use case when the key is supplied from main memory via the descriptor payload.
{
"affected": [],
"aliases": [
"CVE-2024-43815"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-17T10:15:07Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: mxs-dcp - Ensure payload is zero when using key slot\n\nWe could leak stack memory through the payload field when running\nAES with a key from one of the hardware\u0027s key slots. Fix this by\nensuring the payload field is set to 0 in such cases.\n\nThis does not affect the common use case when the key is supplied\nfrom main memory via the descriptor payload.",
"id": "GHSA-9f85-r865-9x32",
"modified": "2025-02-03T18:30:38Z",
"published": "2024-08-17T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43815"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dd52b5eeb0f70893f762da7254e923fd23fd1379"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e1640fed0377bf7276efb70d03cb821a6931063d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FQ9-RX75-MM5G
Vulnerability from github – Published: 2026-05-08 15:31 – Updated: 2026-05-15 21:31In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer
syzbot reported a f2fs bug as below:
BUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520 f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520 f2fs_finish_read_bio+0xe1e/0x1d60 fs/f2fs/data.c:177 f2fs_read_end_io+0x6ab/0x2220 fs/f2fs/data.c:-1 bio_endio+0x1006/0x1160 block/bio.c:1792 submit_bio_noacct+0x533/0x2960 block/blk-core.c:891 submit_bio+0x57a/0x620 block/blk-core.c:926 blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline] f2fs_submit_read_bio+0x12c/0x360 fs/f2fs/data.c:557 f2fs_submit_page_bio+0xee2/0x1450 fs/f2fs/data.c:775 read_node_folio+0x384/0x4b0 fs/f2fs/node.c:1481 __get_node_folio+0x5db/0x15d0 fs/f2fs/node.c:1576 f2fs_get_inode_folio+0x40/0x50 fs/f2fs/node.c:1623 do_read_inode fs/f2fs/inode.c:425 [inline] f2fs_iget+0x1209/0x9380 fs/f2fs/inode.c:596 f2fs_fill_super+0x8f5a/0xb2e0 fs/f2fs/super.c:5184 get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1694 get_tree_bdev+0x38/0x50 fs/super.c:1717 f2fs_get_tree+0x35/0x40 fs/f2fs/super.c:5436 vfs_get_tree+0xb3/0x5d0 fs/super.c:1754 fc_mount fs/namespace.c:1193 [inline] do_new_mount_fc fs/namespace.c:3763 [inline] do_new_mount+0x885/0x1dd0 fs/namespace.c:3839 path_mount+0x7a2/0x20b0 fs/namespace.c:4159 do_mount fs/namespace.c:4172 [inline] __do_sys_mount fs/namespace.c:4361 [inline] __se_sys_mount+0x704/0x7f0 fs/namespace.c:4338 __x64_sys_mount+0xe4/0x150 fs/namespace.c:4338 x64_sys_call+0x39f0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:166 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
The root cause is: in f2fs_finish_read_bio(), we may access uninit data in folio if we failed to read the data from device into folio, let's add a check condition to avoid such issue.
{
"affected": [],
"aliases": [
"CVE-2026-43349"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T14:16:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer\n\nsyzbot reported a f2fs bug as below:\n\nBUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520\n f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520\n f2fs_finish_read_bio+0xe1e/0x1d60 fs/f2fs/data.c:177\n f2fs_read_end_io+0x6ab/0x2220 fs/f2fs/data.c:-1\n bio_endio+0x1006/0x1160 block/bio.c:1792\n submit_bio_noacct+0x533/0x2960 block/blk-core.c:891\n submit_bio+0x57a/0x620 block/blk-core.c:926\n blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]\n f2fs_submit_read_bio+0x12c/0x360 fs/f2fs/data.c:557\n f2fs_submit_page_bio+0xee2/0x1450 fs/f2fs/data.c:775\n read_node_folio+0x384/0x4b0 fs/f2fs/node.c:1481\n __get_node_folio+0x5db/0x15d0 fs/f2fs/node.c:1576\n f2fs_get_inode_folio+0x40/0x50 fs/f2fs/node.c:1623\n do_read_inode fs/f2fs/inode.c:425 [inline]\n f2fs_iget+0x1209/0x9380 fs/f2fs/inode.c:596\n f2fs_fill_super+0x8f5a/0xb2e0 fs/f2fs/super.c:5184\n get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1694\n get_tree_bdev+0x38/0x50 fs/super.c:1717\n f2fs_get_tree+0x35/0x40 fs/f2fs/super.c:5436\n vfs_get_tree+0xb3/0x5d0 fs/super.c:1754\n fc_mount fs/namespace.c:1193 [inline]\n do_new_mount_fc fs/namespace.c:3763 [inline]\n do_new_mount+0x885/0x1dd0 fs/namespace.c:3839\n path_mount+0x7a2/0x20b0 fs/namespace.c:4159\n do_mount fs/namespace.c:4172 [inline]\n __do_sys_mount fs/namespace.c:4361 [inline]\n __se_sys_mount+0x704/0x7f0 fs/namespace.c:4338\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:4338\n x64_sys_call+0x39f0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:166\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is: in f2fs_finish_read_bio(), we may access uninit data\nin folio if we failed to read the data from device into folio, let\u0027s add\na check condition to avoid such issue.",
"id": "GHSA-9fq9-rx75-mm5g",
"modified": "2026-05-15T21:31:31Z",
"published": "2026-05-08T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43349"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59970b2586fef4b13e96527b9d232bed30b640cd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b9161a605e91d0987e2596a245dc1f21621b23f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a10b89343d41ceee1af0ec38d3a74e526c77fa09"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9G24-QQWH-54WW
Vulnerability from github – Published: 2024-11-07 12:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad
Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].
[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000
{
"affected": [],
"aliases": [
"CVE-2024-50143"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-07T10:15:06Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000",
"id": "GHSA-9g24-qqwh-54ww",
"modified": "2025-11-04T00:31:56Z",
"published": "2024-11-07T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50143"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GVG-FW8P-72FV
Vulnerability from github – Published: 2026-02-11 18:31 – Updated: 2026-04-24 18:30A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory.
This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.
{
"affected": [],
"aliases": [
"CVE-2025-12474"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T16:15:53Z",
"severity": "LOW"
},
"details": "A specially-crafted file can cause libjxl\u0027s decoder to read pixel data from uninitialized (but allocated) memory.\n\nThis can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.",
"id": "GHSA-9gvg-fw8p-72fv",
"modified": "2026-04-24T18:30:35Z",
"published": "2026-02-11T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12474"
},
{
"type": "WEB",
"url": "https://github.com/libjxl/libjxl/pull/4495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-9J3F-W66P-JQVG
Vulnerability from github – Published: 2025-10-01 09:30 – Updated: 2025-12-12 21:31In the Linux kernel, the following vulnerability has been resolved:
arm64: kexec: initialize kexec_buf struct in load_other_segments()
Patch series "kexec: Fix invalid field access".
The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage.
This is also triggering a UBSAN warning when the uninitialized data was accessed:
------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'
Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.
An initial fix was already landed for arm64[0], and this patchset fixes the problem on the remaining arm64 code and on riscv, as raised by Mark.
Discussions about this problem could be found at[1][2].
This patch (of 3):
The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage.
This is also triggering a UBSAN warning when the uninitialized data was accessed:
------------[ cut here ]------------
UBSAN: invalid-load in ./include/linux/kexec.h:210:10
load of value 252 is not a valid value for type '_Bool'
Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used.
{
"affected": [],
"aliases": [
"CVE-2025-39904"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T08:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: kexec: initialize kexec_buf struct in load_other_segments()\n\nPatch series \"kexec: Fix invalid field access\".\n\nThe kexec_buf structure was previously declared without initialization. \ncommit bf454ec31add (\"kexec_file: allow to place kexec_buf randomly\")\nadded a field that is always read but not consistently populated by all\narchitectures. This un-initialized field will contain garbage.\n\nThis is also triggering a UBSAN warning when the uninitialized data was\naccessed:\n\n\t------------[ cut here ]------------\n\tUBSAN: invalid-load in ./include/linux/kexec.h:210:10\n\tload of value 252 is not a valid value for type \u0027_Bool\u0027\n\nZero-initializing kexec_buf at declaration ensures all fields are cleanly\nset, preventing future instances of uninitialized memory being used.\n\nAn initial fix was already landed for arm64[0], and this patchset fixes\nthe problem on the remaining arm64 code and on riscv, as raised by Mark.\n\nDiscussions about this problem could be found at[1][2].\n\n\nThis patch (of 3):\n\nThe kexec_buf structure was previously declared without initialization.\ncommit bf454ec31add (\"kexec_file: allow to place kexec_buf randomly\")\nadded a field that is always read but not consistently populated by all\narchitectures. This un-initialized field will contain garbage.\n\nThis is also triggering a UBSAN warning when the uninitialized data was\naccessed:\n\n\t------------[ cut here ]------------\n\tUBSAN: invalid-load in ./include/linux/kexec.h:210:10\n\tload of value 252 is not a valid value for type \u0027_Bool\u0027\n\nZero-initializing kexec_buf at declaration ensures all fields are\ncleanly set, preventing future instances of uninitialized memory being\nused.",
"id": "GHSA-9j3f-w66p-jqvg",
"modified": "2025-12-12T21:31:33Z",
"published": "2025-10-01T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39904"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/04d3cd43700a2d0fe4bfb1012a8ec7f2e34a3507"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/340cc9a3bd30b25edaf6a9708d41b5f2c10a054a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9JHX-GR45-29P7
Vulnerability from github – Published: 2024-10-21 18:30 – Updated: 2024-10-28 18:31In the Linux kernel, the following vulnerability has been resolved:
drm/xe/hdcp: Check GSC structure validity
Sometimes xe_gsc is not initialized when checked at HDCP capability check. Add gsc structure check to avoid null pointer error.
{
"affected": [],
"aliases": [
"CVE-2024-49990"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-21T18:15:19Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/hdcp: Check GSC structure validity\n\nSometimes xe_gsc is not initialized when checked at HDCP capability\ncheck. Add gsc structure check to avoid null pointer error.",
"id": "GHSA-9jhx-gr45-29p7",
"modified": "2024-10-28T18:31:39Z",
"published": "2024-10-21T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49990"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7266a424b1e502745170322e3c27f697d12de627"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b4224f6bae3801d589f815672ec62800a1501b0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c940627857eedca8407b84b40ceb4252b100d291"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9MP7-45QH-R8J8
Vulnerability from github – Published: 2022-01-06 22:13 – Updated: 2023-06-13 17:04Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation (ColumnarReadExt::read_typed_vec()).
Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "columnar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45685"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T17:12:24Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "CRITICAL"
},
"details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation (ColumnarReadExt::read_typed_vec()).\n\nArbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.",
"id": "GHSA-9mp7-45qh-r8j8",
"modified": "2023-06-13T17:04:59Z",
"published": "2022-01-06T22:13:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45685"
},
{
"type": "WEB",
"url": "https://github.com/frankmcsherry/columnar/issues/6"
},
{
"type": "PACKAGE",
"url": "https://github.com/frankmcsherry/columnar.git"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/columnar/RUSTSEC-2021-0087.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0087.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())"
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.