Vulnerabilities > Use of Uninitialized Resource

DATE CVE VULNERABILITY TITLE RISK
2024-02-29 CVE-2021-47056 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the vf2pf_lock is initialized in adf_dev_init(), which can fail, and when it fails, the vf2pf_lock is either not initialized or destroyed; a subsequent use of vf2pf_lock will cause an issue. To fix this issue, only set this flag if adf_dev_init() returns 0.
    [ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0
    [ 7.180345] Call Trace:
    [ 7.182576] mutex_lock+0xc9/0xd0
    [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]
    [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]
    [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]
    [ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]
local
low complexity
linux CWE-908
5.5
2024-02-24 CVE-2024-21502 Use of Uninitialized Resource vulnerability in Antonkueltz Fastecdsa
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as a user-defined type.
network
low complexity
antonkueltz CWE-908
7.5
2024-02-21 CVE-2024-26147 Use of Uninitialized Resource vulnerability in Helm
Helm is a package manager for Charts for Kubernetes.
network
low complexity
helm CWE-908
7.5
2023-12-14 CVE-2023-4489 Use of Uninitialized Resource vulnerability in Silabs Z/Ip Gateway SDK 7.18.01/7.18.03
The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier.
network
low complexity
silabs CWE-908
critical
9.8
2023-11-27 CVE-2023-31275 Use of Uninitialized Resource vulnerability in Kingsoft WPS Office 11.2.0.11537
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file.
local
low complexity
kingsoft CWE-908
7.8
2023-11-20 CVE-2023-46100 Use of Uninitialized Resource vulnerability in Openatom Openharmony
OpenHarmony v3.2.2 and prior versions allow a local attacker to get sensitive buffer information through use of an uninitialized resource.
local
low complexity
openatom CWE-908
5.5
2023-10-12 CVE-2023-31192 Use of Uninitialized Resource vulnerability in Softether VPN 5.01.9674
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674.
network
high complexity
softether CWE-908
5.3
2023-09-14 CVE-2023-25585 Use of Uninitialized Resource vulnerability in GNU Binutils 2.40
A flaw was found in Binutils.
local
low complexity
gnu CWE-908
5.5
2023-09-14 CVE-2023-25586 Use of Uninitialized Resource vulnerability in GNU Binutils 2.40
A flaw was found in Binutils.
local
low complexity
gnu CWE-908
5.5
2023-09-14 CVE-2023-25588 Use of Uninitialized Resource vulnerability in GNU Binutils 2.40
A flaw was found in Binutils.
local
low complexity
gnu CWE-908
5.5