CWE-908— Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.— MITRE CWE catalog
769 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-908page 14 of 16
- CVE-2025-38309MEDIUMCVSS 5.5EG 5.52025-07-10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xe_svm_init() earlier In xe_vm_close_and_put() we need to be able to call xe_svm_fini(), however during vm creation we can call this on the error path, b…
- CVE-2025-38382MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.…
- CVE-2025-38429MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, pote…
- CVE-2025-38441MEDIUMCVSS 5.5EG 5.52025-07-25
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot…
- CVE-2025-38472MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucke…
- CVE-2025-38478MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyo…
- CVE-2025-38480MEDIUMCVSS 5.5EG 5.52025-07-28
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized data in insn_rw_emulate_bits() For Comedi `INSN_READ` and `INSN_WRITE` instructions on "digital" subdevices (subdevice types `COMEDI_SUB…
- CVE-2025-38531MEDIUMCVSS 5.5EG 5.52025-08-16
In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a ke…
- CVE-2025-38574HIGHCVSS 7.8EG 7.82025-08-19
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a s…
- CVE-2025-38579HIGHCVSS 7.8EG 7.82025-08-19
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read exte…
- CVE-2025-38608MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, i…
- CVE-2025-38613MEDIUMCVSS 5.5EG 5.52025-08-19
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the s…
- CVE-2025-38628MEDIUMCVSS 5.5EG 5.52025-08-22
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdp…
- CVE-2025-38644MEDIUMCVSS 5.5EG 5.52025-08-22
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately af…
- CVE-2025-38658MEDIUMCVSS 5.5EG 5.52025-08-22
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails Have nvmet_req_init() and req->execute() complete failed commands. Description of the problem: …
- CVE-2025-38691MEDIUMCVSS 5.5EG 5.52025-09-04
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger b…
- CVE-2025-38718CVSS 0.0EG 7.82025-09-04
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag …
- CVE-2025-38737MEDIUMCVSS 5.5EG 5.52025-09-05
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can…
- CVE-2025-39684MEDIUMCVSS 5.5EG 5.52025-09-05
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is alloc…
- CVE-2025-39690MEDIUMCVSS 5.5EG 5.52025-09-05
In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the `channels` array is zeroed before u…
- CVE-2025-39812MEDIUMCVSS 5.5EG 5.52025-09-16
In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and s…
- CVE-2025-39833MEDIUMCVSS 5.5EG 5.52025-09-16
In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIG_DEBUG_OBJECTS_TIMERS unloading hfcpci module leads to the following splat: [ 250.215892] ODEBU…
- CVE-2025-39904MEDIUMCVSS 5.5EG 5.52025-10-01
In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexec_buf struct in load_other_segments() Patch series "kexec: Fix invalid field access". The kexec_buf structure was previously declared witho…
- CVE-2025-39931MEDIUMCVSS 5.5EG 5.52025-10-04
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. Th…
- CVE-2025-40829HIGHCVSS 7.8EG 7.82025-12-12
A vulnerability has been identified in Simcenter Femap (All versions < V2512). The affected applications contains an uninitialized memory vulnerability while parsing specially crafted SLDPRT files. This could allow an attacker to execute c…
- CVE-2025-41239HIGHCVSS 7.1EG 7.12025-07-15
VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may b…
- CVE-2025-48513MEDIUMCVSS 6.9EG 6.92026-05-15
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel memory resulting in loss of confidentiality or availability.
- CVE-2025-49718HIGHCVSS 7.5EG 7.52025-07-08
Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.
- CVE-2025-50156MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-50157MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-50165CRITICALCVSS 9.8EG 9.82025-08-12
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
- CVE-2025-53138MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-53148MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-53153MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-53719MEDIUMCVSS 5.7EG 5.72025-08-12
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.
- CVE-2025-53759HIGHCVSS 7.8EG 7.82025-08-12
Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-53799MEDIUMCVSS 5.5EG 5.52025-09-09
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
- CVE-2025-55198MEDIUMCVSS 6.5EG 6.52025-08-14
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround…
- CVE-2025-5777HIGHCVSS 7.5EG 9.0⚠ KEV2025-06-17
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- CVE-2025-59194HIGHCVSS 7.0EG 7.02025-10-14
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-59204MEDIUMCVSS 5.5EG 5.52025-10-14
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
- CVE-2025-59964HIGHCVSS 7.5EG 7.52025-10-09
A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-opt…
- CVE-2025-62472HIGHCVSS 7.8EG 7.82025-12-09
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
- CVE-2025-68365MEDIUMCVSS 5.5EG 5.52025-12-24
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value…
- CVE-2025-71096CVSS 0.0EG 5.52026-01-13
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is …
- CVE-2025-71113CVSS 0.0EG 5.52026-01-14
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, r…
- CVE-2025-71115MEDIUMCVSS 5.5EG 5.52026-01-14
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), wh…
- CVE-2025-71311MEDIUMCVSS 5.5EG 5.52026-05-27
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated…
- CVE-2025-9640MEDIUMCVSS 4.3EG 4.32025-10-15
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, re…
- CVE-2026-0915HIGHCVSS 7.5EG 7.52026-01-15
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to …
Map vulnerabilities like CWE-908 to your infrastructure
EchelonGraph correlates every CVE — across CWE-908 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →