Common Weakness Enumeration

CWE-908

Allowed

Use of Uninitialized Resource

Abstraction: Base · Status: Incomplete

The product uses or accesses a resource that has not been initialized.

822 vulnerabilities reference this CWE, most recent first.

GHSA-V4C8-84P4-CXV7

Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-07-26 00:00
VLAI
Details

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-18T15:15:00Z",
    "severity": "LOW"
  },
  "details": "An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process\u2019s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11",
  "id": "GHSA-v4c8-84p4-cxv7",
  "modified": "2022-07-26T00:00:53Z",
  "published": "2022-05-24T22:28:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21781"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V589-46C9-8J65

Vulnerability from github – Published: 2024-05-03 03:31 – Updated: 2024-05-03 03:31
VLAI
Details

PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20907.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-42046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-457",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-03T03:15:38Z",
    "severity": "LOW"
  },
  "details": "PDF-XChange Editor J2K File Parsing Uninitialized Variable Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of J2K files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-20907.",
  "id": "GHSA-v589-46c9-8j65",
  "modified": "2024-05-03T03:31:00Z",
  "published": "2024-05-03T03:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42046"
    },
    {
      "type": "WEB",
      "url": "https://www.tracker-software.com/support/security-bulletins.html"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1353"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V58C-6X2P-85GG

Vulnerability from github – Published: 2024-06-12 06:30 – Updated: 2024-08-01 15:31
VLAI
Details

Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-36454"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-12T06:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series V01L07NF0201 and earlier. If this vulnerability is exploited, the system may be rebooted or suspended by receiving a specially crafted packet.",
  "id": "GHSA-v58c-6x2p-85gg",
  "modified": "2024-08-01T15:31:48Z",
  "published": "2024-06-12T06:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36454"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN25594256"
    },
    {
      "type": "WEB",
      "url": "https://www.fujitsu.com/jp/products/network/support/2024/ipcom-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V5V4-GVC3-Q8X8

Vulnerability from github – Published: 2026-04-30 12:33 – Updated: 2026-05-03 09:33
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

cifs: some missing initializations on replay

In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary reinitializations of certain local variables before replay.

This change makes sure that these variables get initialized after the label.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31693"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T12:16:24Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: some missing initializations on replay\n\nIn several places in the code, we have a label to signify\nthe start of the code where a request can be replayed if\nnecessary. However, some of these places were missing the\nnecessary reinitializations of certain local variables\nbefore replay.\n\nThis change makes sure that these variables get initialized\nafter the label.",
  "id": "GHSA-v5v4-gvc3-q8x8",
  "modified": "2026-05-03T09:33:09Z",
  "published": "2026-04-30T12:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31693"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/14f66f44646333d2bfd7ece36585874fd72f8286"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1d731e512134495e0ef490ade0e4d91dc0d515ec"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c9ce68192eef14c777cb6ce17155d2eb2431aea"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c854ab481ece4b3e5f4c2e8b22824f015ff874a5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c99e160938b627f6f28edee930e8abc157e84386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V5XF-GJ23-85JX

Vulnerability from github – Published: 2025-03-07 06:30 – Updated: 2025-03-07 18:31
VLAI
Details

WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27796"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-07T06:15:35Z",
    "severity": "MODERATE"
  },
  "details": "WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation.",
  "id": "GHSA-v5xf-gj23-85jx",
  "modified": "2025-03-07T18:31:04Z",
  "published": "2025-03-07T06:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27796"
    },
    {
      "type": "WEB",
      "url": "https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/750"
    },
    {
      "type": "WEB",
      "url": "http://www.graphicsmagick.org/NEWS.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V6JX-W33P-924C

Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18
VLAI
Details

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-05-21T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.",
  "id": "GHSA-v6jx-w33p-924c",
  "modified": "2022-05-24T17:18:14Z",
  "published": "2022-05-24T17:18:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202007-05"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4396-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V7J7-2W3M-JFFF

Vulnerability from github – Published: 2024-10-21 21:30 – Updated: 2026-07-14 15:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix access to uninitialised lock in fc replay path

The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled:

INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x66/0x90 register_lock_class+0x759/0x7d0 __lock_acquire+0x85/0x2630 ? __find_get_block+0xb4/0x380 lock_acquire+0xd1/0x2d0 ? __ext4_journal_get_write_access+0xd5/0x160 _raw_spin_lock+0x33/0x40 ? __ext4_journal_get_write_access+0xd5/0x160 __ext4_journal_get_write_access+0xd5/0x160 ext4_reserve_inode_write+0x61/0xb0 __ext4_mark_inode_dirty+0x79/0x270 ? ext4_ext_replay_set_iblocks+0x2f8/0x450 ext4_ext_replay_set_iblocks+0x330/0x450 ext4_fc_replay+0x14c8/0x1540 ? jread+0x88/0x2e0 ? rcu_is_watching+0x11/0x40 do_one_pass+0x447/0xd00 jbd2_journal_recover+0x139/0x1b0 jbd2_journal_load+0x96/0x390 ext4_load_and_init_journal+0x253/0xd40 ext4_fill_super+0x2cc6/0x3180 ...

In the replay path there's an attempt to lock sbi->s_bdev_wb_lock in function ext4_check_bdev_write_error(). Unfortunately, at this point this spinlock has not been initialized yet. Moving it's initialization to an earlier point in __ext4_fill_super() fixes this splat.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-50014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T19:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix access to uninitialised lock in fc replay path\n\nThe following kernel trace can be triggered with fstest generic/629 when\nexecuted against a filesystem with fast-commit feature enabled:\n\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn\u0027t initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x66/0x90\n register_lock_class+0x759/0x7d0\n __lock_acquire+0x85/0x2630\n ? __find_get_block+0xb4/0x380\n lock_acquire+0xd1/0x2d0\n ? __ext4_journal_get_write_access+0xd5/0x160\n _raw_spin_lock+0x33/0x40\n ? __ext4_journal_get_write_access+0xd5/0x160\n __ext4_journal_get_write_access+0xd5/0x160\n ext4_reserve_inode_write+0x61/0xb0\n __ext4_mark_inode_dirty+0x79/0x270\n ? ext4_ext_replay_set_iblocks+0x2f8/0x450\n ext4_ext_replay_set_iblocks+0x330/0x450\n ext4_fc_replay+0x14c8/0x1540\n ? jread+0x88/0x2e0\n ? rcu_is_watching+0x11/0x40\n do_one_pass+0x447/0xd00\n jbd2_journal_recover+0x139/0x1b0\n jbd2_journal_load+0x96/0x390\n ext4_load_and_init_journal+0x253/0xd40\n ext4_fill_super+0x2cc6/0x3180\n...\n\nIn the replay path there\u0027s an attempt to lock sbi-\u003es_bdev_wb_lock in\nfunction ext4_check_bdev_write_error().  Unfortunately, at this point this\nspinlock has not been initialized yet.  Moving it\u0027s initialization to an\nearlier point in __ext4_fill_super() fixes this splat.",
  "id": "GHSA-v7j7-2w3m-jfff",
  "modified": "2026-07-14T15:31:15Z",
  "published": "2024-10-21T21:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50014"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/13ea9547763a0488a90ff37cdf52ec85e36ea344"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/23dfdb56581ad92a9967bcd720c8c23356af74c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/6e35f560daebe40264c95e9a1ab03110d4997df6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b002031d585a14eed511117dda8c6452a804d508"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V7Q4-97X4-4QW2

Vulnerability from github – Published: 2021-08-25 20:51 – Updated: 2021-08-19 17:22
VLAI
Summary
Use of Uninitialized Resource in truetype
Details

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "truetype"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-28030"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T17:22:46Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.",
  "id": "GHSA-v7q4-97x4-4qw2",
  "modified": "2021-08-19T17:22:46Z",
  "published": "2021-08-25T20:51:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28030"
    },
    {
      "type": "WEB",
      "url": "https://github.com/bodoni/truetype/issues/11"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bodoni/truetype"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2021-0029.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": " Use of Uninitialized Resource in truetype"
}

GHSA-V8JF-78W3-V9HM

Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-06-24 18:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

smb: client: use kzalloc to zero-initialize security descriptor buffer

Commit 62e7dd0a39c2d ("smb: common: change the data type of num_aces to le16") split struct smb_acl's __le32 num_aces field into __le16 num_aces and __le16 reserved. The reserved field corresponds to Sbz2 in the MS-DTYP ACL wire format, which must be zero [1].

When building an ACL descriptor in build_sec_desc(), we are using a kmalloc()'ed descriptor buffer and writing the fields explicitly using le16() writes now. This never writes to the 2 byte reserved field, leaving it as uninitialized heap data.

When the reserved field happens to contain non-zero slab garbage, Samba rejects the security descriptor with "ndr_pull_security_descriptor failed: Range Error", causing chmod to fail with EINVAL.

Change kmalloc() to kzalloc() to ensure the entire buffer is zero-initialized.

[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-46139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T10:16:29Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: use kzalloc to zero-initialize security descriptor buffer\n\nCommit 62e7dd0a39c2d (\"smb: common: change the data type of num_aces\nto le16\") split struct smb_acl\u0027s __le32 num_aces field into __le16\nnum_aces and __le16 reserved. The reserved field corresponds to Sbz2\nin the MS-DTYP ACL wire format, which must be zero [1].\n\nWhen building an ACL descriptor in build_sec_desc(), we are using a\nkmalloc()\u0027ed descriptor buffer and writing the fields explicitly using\nle16() writes now. This never writes to the 2 byte reserved field,\nleaving it as uninitialized heap data.\n\nWhen the reserved field happens to contain non-zero slab garbage,\nSamba rejects the security descriptor with \"ndr_pull_security_descriptor\nfailed: Range Error\", causing chmod to fail with EINVAL.\n\nChange kmalloc() to kzalloc() to ensure the entire buffer is\nzero-initialized.\n\n\n[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428",
  "id": "GHSA-v8jf-78w3-v9hm",
  "modified": "2026-06-24T18:32:33Z",
  "published": "2026-05-28T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46139"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4c3ed344a970aad51388ac3b0145b98318f0e21f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e489c6c47a2ac15edbaca153b9348e42c1eacab"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/941a1e6eb35440336913afc88a82103291956d5d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9bdb2ca31368b7671949dfb94a5d57ffccd01edd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/be1ef9512a3f5a755895c24f31b334342f4aa15b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V8PP-M355-R6CW

Vulnerability from github – Published: 2025-05-29 15:31 – Updated: 2025-11-14 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map().

This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging.

Fix this by making sure that memcache is always valid.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-37996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-908"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-29T14:15:36Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()\n\nCommit fce886a60207 (\"KVM: arm64: Plumb the pKVM MMU in KVM\") made the\ninitialization of the local memcache variable in user_mem_abort()\nconditional, leaving a codepath where it is used uninitialized via\nkvm_pgtable_stage2_map().\n\nThis can fail on any path that requires a stage-2 allocation\nwithout transition via a permission fault or dirty logging.\n\nFix this by making sure that memcache is always valid.",
  "id": "GHSA-v8pp-m355-r6cw",
  "modified": "2025-11-14T18:31:21Z",
  "published": "2025-05-29T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37996"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/157dbc4a321f5bb6f8b6c724d12ba720a90f1a7c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a26d50f8a4a5049e956984797b5d0dedea4bbb18"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile the product with settings that generate warnings about uninitialized variables or data.

No CAPEC attack patterns related to this CWE.