CWE-908— Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.— MITRE CWE catalog
769 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-908page 11 of 16
- CVE-2024-38593MEDIUMCVSS 5.5EG 5.52024-06-19
In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fix receiving the timestamp in the frame for lan8841 The blamed commit started to use the ptp workqueue to get the second part of the timestamp. And when th…
- CVE-2024-38619MEDIUMCVSS 5.5EG 5.52024-06-20
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing …
- CVE-2024-3862MEDIUMCVSS 5.3EG 5.32024-04-16
The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.
- CVE-2024-39491MEDIUMCVSS 5.5EG 5.52024-07-10
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a mis…
- CVE-2024-39507MEDIUMCVSS 5.5EG 5.52024-07-12
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time,…
- CVE-2024-40926MEDIUMCVSS 5.5EG 5.52024-07-12
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: don't attempt to schedule hpd_work on headless cards If the card doesn't have display hardware, hpd_work and hpd_lock are left uninitialized which causes BU…
- CVE-2024-40931MEDIUMCVSS 5.5EG 5.52024-07-12
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It…
- CVE-2024-40998MEDIUMCVSS 5.5EG 5.52024-07-12
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ex…
- CVE-2024-41052MEDIUMCVSS 5.5EG 5.52024-07-29
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and cr…
- CVE-2024-41059HIGHCVSS 7.1EG 7.12024-07-29
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus…
- CVE-2024-42063MEDIUMCVSS 5.5EG 5.52024-07-29
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uni…
- CVE-2024-42076MEDIUMCVSS 5.5EG 5.52024-07-29
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused da…
- CVE-2024-42096MEDIUMCVSS 5.5EG 5.52024-07-29
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with,…
- CVE-2024-42106MEDIUMCVSS 5.5EG 5.52024-07-30
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet…
- CVE-2024-42113MEDIUMCVSS 5.5EG 5.52024-07-30
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_al…
- CVE-2024-42128MEDIUMCVSS 5.5EG 5.52024-07-30
In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregister…
- CVE-2024-42129MEDIUMCVSS 5.5EG 5.52024-07-30
In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered…
- CVE-2024-42161MEDIUMCVSS 6.3EG 7.82024-07-30
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' ma…
- CVE-2024-42225HIGHCVSS 7.5EG 7.52024-07-30
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data
- CVE-2024-42228HIGHCVSS 7.0EG 7.02024-07-30
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To real…
- CVE-2024-42272MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: sched: act_ct: take care of padding in struct zones_ht_key Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zones_ht_key got a struct net pointe…
- CVE-2024-42283MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage.…
- CVE-2024-42311MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0…
- CVE-2024-42312MEDIUMCVSS 5.5EG 5.52024-08-17
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc…
- CVE-2024-43458HIGHCVSS 7.7EG 7.72024-09-10
Windows Networking Information Disclosure Vulnerability
- CVE-2024-43502HIGHCVSS 7.1EG 7.12024-10-08
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-43537MEDIUMCVSS 6.5EG 6.52024-10-08
Windows Mobile Broadband Driver Denial of Service Vulnerability
- CVE-2024-43815HIGHCVSS 7.1EG 7.12024-08-17
In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's …
- CVE-2024-43845LOWCVSS 3.3EG 3.32024-08-17
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved …
- CVE-2024-44983HIGHCVSS 7.1EG 7.12024-09-04
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup.…
- CVE-2024-44999HIGHCVSS 7.1EG 7.12024-09-04
In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->…
- CVE-2024-45005MEDIUMCVSS 5.5EG 5.52024-09-04
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.us…
- CVE-2024-45615LOWCVSS 3.9EG 3.92024-09-03
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
- CVE-2024-45616LOWCVSS 3.9EG 3.92024-09-03
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following pr…
- CVE-2024-45617LOWCVSS 3.9EG 3.92024-09-03
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or …
- CVE-2024-45618LOWCVSS 3.9EG 3.92024-09-03
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of…
- CVE-2024-46784MEDIUMCVSS 5.5EG 5.52024-09-18
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrti…
- CVE-2024-46865HIGHCVSS 7.1EG 7.12024-09-27
In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitial…
- CVE-2024-47540CRITICALCVSS 9.8EG 9.82024-12-12
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the p…
- CVE-2024-47685CRITICALCVSS 9.1EG 9.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th-…
- CVE-2024-47687MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place.…
- CVE-2024-47966HIGHCVSS 7.8EG 7.82024-10-10
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current proce…
- CVE-2024-49029HIGHCVSS 7.8EG 7.82024-11-12
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2024-49900HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: =====================================================…
- CVE-2024-49990MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check. Add gsc structure check to avoid null pointer error.
- CVE-2024-50014MEDIUMCVSS 5.5EG 5.52024-10-21
In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast…
- CVE-2024-50033HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() onl…
- CVE-2024-50035HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_e…
- CVE-2024-50110MEDIUMCVSS 5.5EG 5.52024-11-05
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _…
- CVE-2024-50143HIGHCVSS 7.8EG 7.82024-11-07
In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMS…
Map vulnerabilities like CWE-908 to your infrastructure
EchelonGraph correlates every CVE — across CWE-908 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →