CWE-908
AllowedUse of Uninitialized Resource
Abstraction: Base · Status: Incomplete
The product uses or accesses a resource that has not been initialized.
822 vulnerabilities reference this CWE, most recent first.
GHSA-5W9C-JPGM-QWV4
Vulnerability from github – Published: 2022-05-24 17:05 – Updated: 2022-05-24 17:05In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828
{
"affected": [],
"aliases": [
"CVE-2020-0006"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828",
"id": "GHSA-5w9c-jpgm-qwv4",
"modified": "2022-05-24T17:05:54Z",
"published": "2022-05-24T17:05:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0006"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2020-01-05"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5X4Q-VFJH-6H4J
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
ptp: ocp: Limit signal/freq counts in summary output functions
The debugfs summary output could access uninitialized elements in the freq_in[] and signal_out[] arrays, causing NULL pointer dereferences and triggering a kernel Oops (page_fault_oops). This patch adds u8 fields (nr_freq_in, nr_signal_out) to track the number of initialized elements, with a maximum of 4 per array. The summary output functions are updated to respect these limits, preventing out-of-bounds access and ensuring safe array handling.
Widen the label variables because the change confuses GCC about max length of the strings.
{
"affected": [],
"aliases": [
"CVE-2025-38054"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T10:15:38Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Limit signal/freq counts in summary output functions\n\nThe debugfs summary output could access uninitialized elements in\nthe freq_in[] and signal_out[] arrays, causing NULL pointer\ndereferences and triggering a kernel Oops (page_fault_oops).\nThis patch adds u8 fields (nr_freq_in, nr_signal_out) to track the\nnumber of initialized elements, with a maximum of 4 per array.\nThe summary output functions are updated to respect these limits,\npreventing out-of-bounds access and ensuring safe array handling.\n\nWiden the label variables because the change confuses GCC about\nmax length of the strings.",
"id": "GHSA-5x4q-vfjh-6h4j",
"modified": "2025-11-14T18:31:22Z",
"published": "2025-06-18T12:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38054"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0b7d3e782027ac3b6fec56159e8e348042000aef"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c9e455581e2ba87ee38c126e8dc49a424b9df0cf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcad74f894ac89790084cc2e1ec61b08220941d1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-62HP-W5VM-G7XM
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2024-02-09 00:31im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
{
"affected": [],
"aliases": [
"CVE-2020-20739"
],
"database_specific": {
"cwe_ids": [
"CWE-908",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-20T19:15:00Z",
"severity": "MODERATE"
},
"details": "im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.",
"id": "GHSA-62hp-w5vm-g7xm",
"modified": "2024-02-09T00:31:33Z",
"published": "2022-05-24T17:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20739"
},
{
"type": "WEB",
"url": "https://github.com/libvips/libvips/issues/1419"
},
{
"type": "WEB",
"url": "https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-62X6-4GMP-FG78
Vulnerability from github – Published: 2024-05-21 15:31 – Updated: 2024-11-06 21:30In the Linux kernel, the following vulnerability has been resolved:
net: fix uninit-value in caif_seqpkt_sendmsg
When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we cann't just judge msg->msg_iter.iov->base directlly. We can use nr_segs to judge msg in caif_seqpkt_sendmsg whether has data buffers.
===================================================== BUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x220 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg net/socket.c:672 [inline] _syssendmsg+0x12b6/0x1350 net/socket.c:2343 _sys_sendmsg net/socket.c:2397 [inline] __sys_sendmmsg+0x808/0xc90 net/socket.c:2480 __compat_sys_sendmmsg net/compat.c:656 [inline]
{
"affected": [],
"aliases": [
"CVE-2021-47297"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-21T15:15:17Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix uninit-value in caif_seqpkt_sendmsg\n\nWhen nr_segs equal to zero in iovec_from_user, the object\nmsg-\u003emsg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg\nwhich is defined in ___sys_sendmsg. So we cann\u0027t just judge\nmsg-\u003emsg_iter.iov-\u003ebase directlly. We can use nr_segs to judge\nmsg in caif_seqpkt_sendmsg whether has data buffers.\n\n=====================================================\nBUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1c9/0x220 lib/dump_stack.c:118\n kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118\n __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215\n caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542\n sock_sendmsg_nosec net/socket.c:652 [inline]\n sock_sendmsg net/socket.c:672 [inline]\n ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343\n ___sys_sendmsg net/socket.c:2397 [inline]\n __sys_sendmmsg+0x808/0xc90 net/socket.c:2480\n __compat_sys_sendmmsg net/compat.c:656 [inline]",
"id": "GHSA-62x6-4gmp-fg78",
"modified": "2024-11-06T21:30:54Z",
"published": "2024-05-21T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47297"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/452c3ed7bf63721b07bc2238ed1261bb26027e85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9413c0abb57f70a953b1116318d6aa478013c35d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/991e634360f2622a683b48dfe44fe6d9cb765a09"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d4c7797ab1517515f0d08b3bc1c6b48883889c54"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d9d646acad2c3590e189bb5d5c86ab8bd8a2dfc3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffe31dd70b70a40cd6b21b78c1713a23e021843a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-642M-R6QQ-XQRV
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.
{
"affected": [],
"aliases": [
"CVE-2019-18786"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-06T03:15:00Z",
"severity": "LOW"
},
"details": "In the Linux kernel through 5.3.8, f-\u003efmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.",
"id": "GHSA-642m-r6qq-xqrv",
"modified": "2022-05-24T17:00:23Z",
"published": "2022-05-24T17:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18786"
},
{
"type": "WEB",
"url": "https://patchwork.linuxtv.org/patch/59542"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4284-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4285-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4287-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-646R-XF6J-8PVG
Vulnerability from github – Published: 2022-08-06 00:00 – Updated: 2022-08-12 00:01An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
{
"affected": [],
"aliases": [
"CVE-2022-33716"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-05T16:15:00Z",
"severity": "MODERATE"
},
"details": "An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.",
"id": "GHSA-646r-xf6j-8pvg",
"modified": "2022-08-12T00:01:18Z",
"published": "2022-08-06T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33716"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=08"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-64RP-89CR-P8Q9
Vulnerability from github – Published: 2022-05-24 17:13 – Updated: 2022-05-24 17:13An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
{
"affected": [],
"aliases": [
"CVE-2020-11494"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-02T21:15:00Z",
"severity": "LOW"
},
"details": "An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.",
"id": "GHSA-64rp-89cr-p8q9",
"modified": "2022-05-24T17:13:17Z",
"published": "2022-05-24T17:13:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11494"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/b9258a2cece4ec1f020715fe3554bc2e360f6264"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=08fadc32ce6239dc75fd5e869590e29bc62bbc28"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200430-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4363-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4364-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4368-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4369-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-64WV-8VWP-XGW2
Vulnerability from github – Published: 2022-01-06 22:13 – Updated: 2022-01-07 17:19An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ash"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.33.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45688"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-06T16:49:36Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.",
"id": "GHSA-64wv-8vwp-xgw2",
"modified": "2022-01-07T17:19:25Z",
"published": "2022-01-06T22:13:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45688"
},
{
"type": "WEB",
"url": "https://github.com/MaikKlein/ash/issues/354"
},
{
"type": "WEB",
"url": "https://github.com/ash-rs/ash/issues/354"
},
{
"type": "WEB",
"url": "https://github.com/ash-rs/ash/pull/470"
},
{
"type": "WEB",
"url": "https://github.com/ash-rs/ash/commit/2c98b6f384a017de031698bd623551a45f24c8f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/MaikKlein/ash"
},
{
"type": "WEB",
"url": "https://github.com/ash-rs/ash/compare/0.33.0...0.33.1"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ash/RUSTSEC-2021-0090.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0090.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Use of Uninitialized Resource in ash."
}
GHSA-6557-4F9J-97WG
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-58533"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:40Z",
"severity": "MODERATE"
},
"details": "Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-6557-4f9j-97wg",
"modified": "2026-07-14T18:32:40Z",
"published": "2026-07-14T18:32:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58533"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58533"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-65F7-9JMG-75C7
Vulnerability from github – Published: 2025-05-01 15:31 – Updated: 2025-11-07 21:31In the Linux kernel, the following vulnerability has been resolved:
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
struct vmci_event_qp allocated by qp_notify_peer() contains padding,
which may carry uninitialized data to the userspace, as observed by
KMSAN:
BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ...
Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ...
Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750
Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100
Use memset() to prevent the infoleaks.
Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem.
{
"affected": [],
"aliases": [
"CVE-2022-49788"
],
"database_specific": {
"cwe_ids": [
"CWE-908"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-01T15:16:02Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()\n\n`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,\nwhich may carry uninitialized data to the userspace, as observed by\nKMSAN:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121\n instrument_copy_to_user ./include/linux/instrumented.h:121\n _copy_to_user+0x5f/0xb0 lib/usercopy.c:33\n copy_to_user ./include/linux/uaccess.h:169\n vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431\n vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925\n vfs_ioctl fs/ioctl.c:51\n ...\n\n Uninit was stored to memory at:\n kmemdup+0x74/0xb0 mm/util.c:131\n dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271\n vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339\n qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940\n vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488\n vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927\n ...\n\n Local variable ev created at:\n qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n\n Bytes 28-31 of 48 are uninitialized\n Memory access of size 48 starts at ffff888035155e00\n Data copied to user address 0000000020000100\n\nUse memset() to prevent the infoleaks.\n\nAlso speculatively fix qp_notify_peer_local(), which may suffer from the\nsame problem.",
"id": "GHSA-65f7-9jmg-75c7",
"modified": "2025-11-07T21:31:17Z",
"published": "2025-05-01T15:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49788"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5a275528025ae4bc7e2232866856dfebf84b2fad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/62634b43d3c4e1bf62fd540196f7081bf0885c0a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/76c50d77b928a33e5290aaa9fdc10e88254ff8c7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ccf7229b96fadc3a185d1391f814a604c7ef609"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8e2f33c598370bcf828bab4d667d1d38bcd3c57d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e5b0d06d9b10f5f43101bd6598b076c347f9295f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7061dd1fef2dfb6458cd521aef27aa66f510d31"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f04586c2315cfd03d72ad0395705435e7ed07b1a"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Explicitly initialize the resource before use. If this is performed through an API function or standard procedure, follow all required steps.
Mitigation
Pay close attention to complex conditionals that affect initialization, since some branches might not perform the initialization.
Mitigation
Avoid race conditions (CWE-362) during initialization routines.
Mitigation
Run or compile the product with settings that generate warnings about uninitialized variables or data.
No CAPEC attack patterns related to this CWE.