Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-QGR5-73WM-7W3G

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-19974"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-17T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).",
  "id": "GHSA-qgr5-73wm-7w3g",
  "modified": "2022-05-13T01:19:50Z",
  "published": "2022-05-13T01:19:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19974"
    },
    {
      "type": "WEB",
      "url": "https://github.com/VirusTotal/yara/issues/999"
    },
    {
      "type": "WEB",
      "url": "https://bnbdr.github.io/posts/extracheese"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bnbdr/swisscheese"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFFXDAMP6GJ337LIOTVF5I4T6QGMN3ZR"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHCG-6255-C538

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-08 00:37
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()

There is an bug in which an uninitialized stack variable is used in rseq_exit_user_update() as reported by syzbot:

BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]

The local variable:

struct rseq_ids ids = {
    .cpu_id  = task_cpu(t),
    .mm_cid  = task_mm_cid(t),
    .node_id = cpu_to_node(ids.cpu_id),
};

According to the C standard, the evaluation order of expressions in an initializer list is indeterminately sequenced. The compiler (Clang, in this KMSAN build) evaluates cpu_to_node(ids.cpu_id) before ids.cpu_id is initialized with task_cpu(t).

This is fixed by moving the assignment of ids.node_id outside the structure initialization.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53243"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:42Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrseq: Fix using an uninitialized stack variable in rseq_exit_user_update()\n\nThere is an bug in which an uninitialized stack variable is used in\nrseq_exit_user_update() as reported by syzbot:\n\nBUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]\n\nThe local variable:\n\n\tstruct rseq_ids ids = {\n\t\t.cpu_id\t = task_cpu(t),\n\t\t.mm_cid\t = task_mm_cid(t),\n\t\t.node_id = cpu_to_node(ids.cpu_id),\n\t};\n\nAccording to the C standard, the evaluation order of expressions in an\ninitializer list is indeterminately sequenced. The compiler (Clang, in\nthis KMSAN build) evaluates `cpu_to_node(ids.cpu_id)` *before*\n`ids.cpu_id` is initialized with `task_cpu(t)`.\n\nThis is fixed by moving the assignment of ids.node_id outside the\nstructure initialization.",
  "id": "GHSA-qhcg-6255-c538",
  "modified": "2026-07-08T00:37:52Z",
  "published": "2026-06-25T09:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53243"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6d99479799c69c3cb588fcda19c81d8f61d64ecd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e12d20a63b61aaf9de4772effccf42cc9a003e58"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHXX-J73R-QPM2

Vulnerability from github – Published: 2020-12-10 19:07 – Updated: 2024-10-28 19:57
VLAI
Summary
Uninitialized memory access in TensorFlow
Details

Impact

Under certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen:

struct QUInt8 {
  QUInt8() {}
  // ...
  uint8_t value;
};

struct QInt16 {
  QInt16() {}
  // ...
  int16_t value;
};

struct QUInt16 {
  QUInt16() {}
  // ...
  uint16_t value;
};

struct QInt32 {
  QInt32() {}
  // ...
  int32_t value;
};

Patches

We have patched the issue in GitHub commit ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

Since this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-10T19:04:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nUnder certain cases, a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to [default initialize the quantized floating point types in Eigen](https://github.com/tensorflow/tensorflow/blob/f70160322a579144950dff1537dcbe3c7c09d6f5/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h#L61-L104):\n\n```cc\nstruct QUInt8 {\n  QUInt8() {}\n  // ...\n  uint8_t value;\n};\n\nstruct QInt16 {\n  QInt16() {}\n  // ...\n  int16_t value;\n};\n\nstruct QUInt16 {\n  QUInt16() {}\n  // ...\n  uint16_t value;\n};\n\nstruct QInt32 {\n  QInt32() {}\n  // ...\n  int32_t value;\n};\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2](https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2) and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.\n\nSince this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
  "id": "GHSA-qhxx-j73r-qpm2",
  "modified": "2024-10-28T19:57:07Z",
  "published": "2020-12-10T19:07:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26266"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-297.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-332.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-254.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Uninitialized memory access in TensorFlow"
}

GHSA-QM8R-PPX2-RGHP

Vulnerability from github – Published: 2022-05-13 01:19 – Updated: 2022-05-13 01:19
VLAI
Details

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15911"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-28T04:29:00Z",
    "severity": "HIGH"
  },
  "details": "In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.",
  "id": "GHSA-qm8r-ppx2-rghp",
  "modified": "2022-05-13T01:19:12Z",
  "published": "2022-05-13T01:19:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15911"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:3834"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699665"
    },
    {
      "type": "WEB",
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201811-12"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K22141757?utm_source=f5support\u0026amp;utm_medium=RSS"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3768-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4288"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/332928"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105122"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QMVM-XJMC-FJ3R

Vulnerability from github – Published: 2025-09-23 18:30 – Updated: 2025-09-23 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ath11k: pci: fix crash on suspend if board file is not found

Mario reported that the kernel was crashing on suspend if ath11k was not able to find a board file:

[ 473.693286] PM: Suspending system (s2idle) [ 473.693291] printk: Suspending console(s) (use no_console_suspend to debug) [ 474.407787] BUG: unable to handle page fault for address: 0000000000002070 [ 474.407791] #PF: supervisor read access in kernel mode [ 474.407794] #PF: error_code(0x0000) - not-present page [ 474.407798] PGD 0 P4D 0 [ 474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G W 5.16.0 #248 [...] [ 474.407868] Call Trace: [ 474.407870] [ 474.407874] ? _raw_spin_lock_irqsave+0x2a/0x60 [ 474.407882] ? lock_timer_base+0x72/0xa0 [ 474.407889] ? _raw_spin_unlock_irqrestore+0x29/0x3d [ 474.407892] ? try_to_del_timer_sync+0x54/0x80 [ 474.407896] ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k] [ 474.407912] ath11k_core_suspend+0x34/0x130 [ath11k] [ 474.407923] ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci] [ 474.407928] pci_pm_suspend+0x7e/0x170 [ 474.407935] ? pci_pm_freeze+0xc0/0xc0 [ 474.407939] dpm_run_callback+0x4e/0x150 [ 474.407947] __device_suspend+0x148/0x4c0 [ 474.407951] async_suspend+0x20/0x90 dmesg-efi-164255130401001: Oops#1 Part1 [ 474.407955] async_run_entry_fn+0x33/0x120 [ 474.407959] process_one_work+0x220/0x3f0 [ 474.407966] worker_thread+0x4a/0x3d0 [ 474.407971] kthread+0x17a/0x1a0 [ 474.407975] ? process_one_work+0x3f0/0x3f0 [ 474.407979] ? set_kthread_struct+0x40/0x40 [ 474.407983] ret_from_fork+0x22/0x30 [ 474.407991]

The issue here is that board file loading happens after ath11k_pci_probe() succesfully returns (ath11k initialisation happends asynchronously) and the suspend handler is still enabled, of course failing as ath11k is not properly initialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and resume.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: pci: fix crash on suspend if board file is not found\n\nMario reported that the kernel was crashing on suspend if ath11k was not able\nto find a board file:\n\n[  473.693286] PM: Suspending system (s2idle)\n[  473.693291] printk: Suspending console(s) (use no_console_suspend to debug)\n[  474.407787] BUG: unable to handle page fault for address: 0000000000002070\n[  474.407791] #PF: supervisor read access in kernel mode\n[  474.407794] #PF: error_code(0x0000) - not-present page\n[  474.407798] PGD 0 P4D 0\n[  474.407801] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[  474.407805] CPU: 2 PID: 2350 Comm: kworker/u32:14 Tainted: G        W         5.16.0 #248\n[...]\n[  474.407868] Call Trace:\n[  474.407870]  \u003cTASK\u003e\n[  474.407874]  ? _raw_spin_lock_irqsave+0x2a/0x60\n[  474.407882]  ? lock_timer_base+0x72/0xa0\n[  474.407889]  ? _raw_spin_unlock_irqrestore+0x29/0x3d\n[  474.407892]  ? try_to_del_timer_sync+0x54/0x80\n[  474.407896]  ath11k_dp_rx_pktlog_stop+0x49/0xc0 [ath11k]\n[  474.407912]  ath11k_core_suspend+0x34/0x130 [ath11k]\n[  474.407923]  ath11k_pci_pm_suspend+0x1b/0x50 [ath11k_pci]\n[  474.407928]  pci_pm_suspend+0x7e/0x170\n[  474.407935]  ? pci_pm_freeze+0xc0/0xc0\n[  474.407939]  dpm_run_callback+0x4e/0x150\n[  474.407947]  __device_suspend+0x148/0x4c0\n[  474.407951]  async_suspend+0x20/0x90\ndmesg-efi-164255130401001:\nOops#1 Part1\n[  474.407955]  async_run_entry_fn+0x33/0x120\n[  474.407959]  process_one_work+0x220/0x3f0\n[  474.407966]  worker_thread+0x4a/0x3d0\n[  474.407971]  kthread+0x17a/0x1a0\n[  474.407975]  ? process_one_work+0x3f0/0x3f0\n[  474.407979]  ? set_kthread_struct+0x40/0x40\n[  474.407983]  ret_from_fork+0x22/0x30\n[  474.407991]  \u003c/TASK\u003e\n\nThe issue here is that board file loading happens after ath11k_pci_probe()\nsuccesfully returns (ath11k initialisation happends asynchronously) and the\nsuspend handler is still enabled, of course failing as ath11k is not properly\ninitialised. Fix this by checking ATH11K_FLAG_QMI_FAIL during both suspend and\nresume.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPL_V1_V2_SILICONZ_LITE-2",
  "id": "GHSA-qmvm-xjmc-fj3r",
  "modified": "2025-09-23T18:30:20Z",
  "published": "2025-09-23T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49132"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aeed776c00e804a0f7896db39c7c661cea34ee1f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b4f4c56459a5c744f7f066b9fc2b54ea995030c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f3c5ef433da82d257337424b3647ce9dcb37d4b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fed4cef115ab21a18faf499b3fa9b9a4b544f941"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QP6F-HQ95-GPP9

Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-05-07 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header

This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump") where it should have type casted sizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative value.

syzbot reported a call trace because of it:

BUG: KMSAN: uninit-value in ... tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934 __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238 tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321 tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324 genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline] genl_family_rcv_msg net/netlink/genetlink.c:775 [inline] genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792 netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501 genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg net/socket.c:734 [inline]

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49862"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-01T15:16:11Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix the msg-\u003ereq tlv len check in tipc_nl_compat_name_table_dump_header\n\nThis is a follow-up for commit 974cb0e3e7c9 (\"tipc: fix uninit-value\nin tipc_nl_compat_name_table_dump\") where it should have type casted\nsizeof(..) to int to work when TLV_GET_DATA_LEN() returns a negative\nvalue.\n\nsyzbot reported a call trace because of it:\n\n  BUG: KMSAN: uninit-value in ...\n   tipc_nl_compat_name_table_dump+0x841/0xea0 net/tipc/netlink_compat.c:934\n   __tipc_nl_compat_dumpit+0xab2/0x1320 net/tipc/netlink_compat.c:238\n   tipc_nl_compat_dumpit+0x991/0xb50 net/tipc/netlink_compat.c:321\n   tipc_nl_compat_recv+0xb6e/0x1640 net/tipc/netlink_compat.c:1324\n   genl_family_rcv_msg_doit net/netlink/genetlink.c:731 [inline]\n   genl_family_rcv_msg net/netlink/genetlink.c:775 [inline]\n   genl_rcv_msg+0x103f/0x1260 net/netlink/genetlink.c:792\n   netlink_rcv_skb+0x3a5/0x6c0 net/netlink/af_netlink.c:2501\n   genl_rcv+0x3c/0x50 net/netlink/genetlink.c:803\n   netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n   netlink_unicast+0xf3b/0x1270 net/netlink/af_netlink.c:1345\n   netlink_sendmsg+0x1288/0x1440 net/netlink/af_netlink.c:1921\n   sock_sendmsg_nosec net/socket.c:714 [inline]\n   sock_sendmsg net/socket.c:734 [inline]",
  "id": "GHSA-qp6f-hq95-gpp9",
  "modified": "2025-05-07T15:31:25Z",
  "published": "2025-05-01T15:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49862"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/082707d3df191bf5bb8801d43e4ce3dea39ca173"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1c075b192fe41030457cd4a5f7dea730412bca40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/301caa06091af4d5cf056ac8249cbda4e6029c6a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/36769b9477491a7af6635863bd950309c1e1b96c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/55a253a6753a603e80b95932ca971ba514aa6ce7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6cee2c60bd168279852ac7dbe54c2b70d1028644"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a0ead1d648df9c456baec832b494513ef405949a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f31dd158580940938f77514b87337a777520185a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPCR-MXC8-RJF5

Vulnerability from github – Published: 2022-10-21 19:01 – Updated: 2022-10-24 19:00
VLAI
Details

A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-3642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-453",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-21T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic has been found in Linux Kernel. This affects the function rtl8188f_spur_calibration of the file drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8188f.c of the component Wireless. The manipulation of the argument hw_ctrl_s1/sw_ctrl_s1 leads to use of uninitialized variable. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211959.",
  "id": "GHSA-qpcr-mxc8-rjf5",
  "modified": "2022-10-24T19:00:16Z",
  "published": "2022-10-21T19:01:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3642"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless-next.git/commit/?id=80e5acb6dd72b25a6e6527443b9e9c1c3a7bcef6"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.211959"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QPXP-M569-QP25

Vulnerability from github – Published: 2024-06-20 12:31 – Updated: 2024-07-03 18:46
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

block: Fix wrong offset in bio_truncate()

bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized data.

This happened when both of truncated/corrupted FS and userspace (via bdev) are trying to read the last of bdev.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-20T12:15:12Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix wrong offset in bio_truncate()\n\nbio_truncate() clears the buffer outside of last block of bdev, however\ncurrent bio_truncate() is using the wrong offset of page. So it can\nreturn the uninitialized data.\n\nThis happened when both of truncated/corrupted FS and userspace (via\nbdev) are trying to read the last of bdev.",
  "id": "GHSA-qpxp-m569-qp25",
  "modified": "2024-07-03T18:46:09Z",
  "published": "2024-06-20T12:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48747"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3ee859e384d453d6ac68bfd5971f630d9fa46ad3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4633a79ff8bc82770486a063a08b55e5162521d8"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6cbf4c731d7812518cd857c2cfc3da9fd120f6ae"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/941d5180c430ce5b0f7a3622ef9b76077bfa3d82"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b63e120189fd92aff00096d11e2fc5253f60248b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QWVX-C8J7-5G75

Vulnerability from github – Published: 2022-01-06 22:09 – Updated: 2023-06-13 22:01
VLAI
Summary
Use of Uninitialized Resource in tectonic_xdv
Details

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.

Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.

The problem was fixed in commit cdff034 by zero-initializing the buffer before passing it to a user-provided Read implementation.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tectonic_xdv"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.1.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-45703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-05T23:41:34Z",
    "nvd_published_at": "2021-12-27T00:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation.\n\nArbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.\n\nThe problem was fixed in commit `cdff034` by zero-initializing the buffer before passing it to a user-provided Read implementation.",
  "id": "GHSA-qwvx-c8j7-5g75",
  "modified": "2023-06-13T22:01:48Z",
  "published": "2022-01-06T22:09:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45703"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tectonic-typesetting/tectonic/issues/752"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tectonic-typesetting/tectonic/commit/cdff034e6d93cdfdafd13d8c6956e22fa5a57b79"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tectonic-typesetting/tectonic"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tectonic_xdv/RUSTSEC-2021-0112.md"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0112.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Use of Uninitialized Resource in tectonic_xdv"
}

GHSA-R23C-H6FF-98MJ

Vulnerability from github – Published: 2022-08-20 00:00 – Updated: 2022-08-23 00:00
VLAI
Details

A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command "adf" has no or wrong argument, anal_fcn_data (core, input + 1) --> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-19T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command \"adf\" has no or wrong argument, anal_fcn_data (core, input + 1) --\u003e RAnalFunction *fcn = r_anal_get_fcn_in (core-\u003eanal, core-\u003eoffset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn).",
  "id": "GHSA-r23c-h6ff-98mj",
  "modified": "2022-08-23T00:00:16Z",
  "published": "2022-08-20T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27795"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/issues/16215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/pull/16230"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.