Vulnerabilities > Use of Uninitialized Resource

DATE CVE VULNERABILITY TITLE RISK
2024-05-01 CVE-2024-27022 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1].
local
low complexity
linux CWE-908
7.8
2024-04-28 CVE-2022-48654 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace.
local
low complexity
linux CWE-908
5.5
2024-04-17 CVE-2024-26901 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x100 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline] do_sys_name_to_handle fs/fhandle.c:73 [inline] __do_sys_name_to_handle_at fs/fhandle.c:112 [inline] __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94 __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94 ... Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517 __do_kmalloc_node mm/slab_common.c:1006 [inline] __kmalloc+0x121/0x3c0 mm/slab_common.c:1020 kmalloc include/linux/slab.h:604 [inline] do_sys_name_to_handle fs/fhandle.c:39 [inline] __do_sys_name_to_handle_at fs/fhandle.c:112 [inline] __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94 __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94 ... Bytes 18-19 of 20 are uninitialized Memory access of size 20 starts at ffff888128a46380 Data copied to user address 0000000020000240" Per Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to solve the problem.
local
low complexity
linux CWE-908
5.5
2024-04-05 CVE-2024-29745 Use of Uninitialized Resource vulnerability in Google Android
there is a possible Information Disclosure due to uninitialized data.
local
low complexity
google CWE-908
5.5
2024-01-09 CVE-2023-42797 Use of Uninitialized Resource vulnerability in Siemens products
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20).
network
low complexity
siemens CWE-908
7.2
2023-12-14 CVE-2023-4489 Use of Uninitialized Resource vulnerability in Silabs Z/Ip Gateway SDK 7.18.01
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier.
network
low complexity
silabs CWE-908
critical
9.8
2023-11-27 CVE-2023-31275 Use of Uninitialized Resource vulnerability in Kingsoft WPS Office 11.2.0.11537
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file.
local
low complexity
kingsoft CWE-908
7.8
2023-11-20 CVE-2023-46100 Use of Uninitialized Resource vulnerability in Openharmony
in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource.
local
low complexity
openharmony CWE-908
5.5
2023-10-21 CVE-2023-45663 Use of Uninitialized Resource vulnerability in Nothings STB Image.H 2.28
stb_image is a single file MIT licensed library for processing images.
local
low complexity
nothings CWE-908
5.5
2023-10-12 CVE-2023-31192 Use of Uninitialized Resource vulnerability in Softether VPN 5.01.9674
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674.
network
high complexity
softether CWE-908
5.3