CWE-908: Use of Uninitialized Resource
734 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-908 (page 13 of 15)
- CVE-2025-20638 | MEDIUM | CVSS 4.3 | EG 4.6 | 2025-02-03
In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User i…
- CVE-2025-21220 | HIGH | CVSS 7.5 | EG 7.5 | 2025-01-14
Microsoft Message Queuing Information Disclosure Vulnerability
- CVE-2025-21272 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-14
Windows COM Server Information Disclosure Vulnerability
- CVE-2025-21288 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-14
Windows COM Server Information Disclosure Vulnerability
- CVE-2025-21312 | LOW | CVSS 2.4 | EG 2.4 | 2025-01-14
Windows Smart Card Reader Information Disclosure Vulnerability
- CVE-2025-21357 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-01-14
Microsoft Outlook Remote Code Execution Vulnerability
- CVE-2025-21707 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per…
- CVE-2025-21716 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix uninit-value in vxlan_vnifilter_dump() KMSAN reported an uninit-value access in vxlan_vnifilter_dump() [1]. If the length of the netlink message payload is l…
- CVE-2025-2173 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-11
A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. I…
- CVE-2025-21787 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value i…
- CVE-2025-21824 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-27
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of uninitialized mutex leading to below war…
- CVE-2025-21843 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-07
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: avoid garbage value in panthor_ioctl_dev_query() 'priorities_info' is uninitialized, and the uninitialized value is copied to user object when calling PANTH…
- CVE-2025-21862 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-12
In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .…
- CVE-2025-21891 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-03-27
In the Linux kernel, the following vulnerability has been resolved: ipvlan: ensure network headers are in skb linear part syzbot found that ipvlan_process_v6_outbound() was assuming the IPv6 network header is present in skb->head [1] …
- CVE-2025-21922 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-01
In the Linux kernel, the following vulnerability has been resolved: ppp: Fix KMSAN uninit-value warning with bpf Syzbot caught a "KMSAN: uninit-value" warning [1], which is caused by the ppp driver not initializing a 2-byte header when …
- CVE-2025-21959 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-01
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Since commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm …
- CVE-2025-21987 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-02
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly c…
- CVE-2025-21996 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-03
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl() call to radeon_vce_cs_parse() i…
- CVE-2025-22110 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-16
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error It is possible that ctx in nfqnl_build_packet_message() could be used before it is properly i…
- CVE-2025-22119 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-16
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, …
- CVE-2025-22123 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-04-16
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid accessing uninitialized curseg syzbot reports a f2fs bug as below: F2FS-fs (loop3): Stopped filesystem due to reason: 7 kworker/u8:7: attempt to acce…
- CVE-2025-2329 | MEDIUM | CVSS 5.3 | EG 0.0 | 2025-07-25
In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and may send a corrupt packet over SPI to its host, causing the host to reset the RCP which results in a denial of…
- CVE-2025-26803 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-02-24
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.
- CVE-2025-27474 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-04-08
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-27796 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-03-07
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
- CVE-2025-27810 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-25
Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
- CVE-2025-29829 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-13
Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
- CVE-2025-29830 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-13
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29958 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-13
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-29959 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-13
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
- CVE-2025-31361 | HIGH | CVSS 8.7 | EG 8.7 | 2025-11-17
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit c…
- CVE-2025-31649 | HIGH | CVSS 8.7 | EG 8.7 | 2025-11-17
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execut…
- CVE-2025-33052 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-10
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- CVE-2025-33070 | HIGH | CVSS 8.1 | EG 8.1 | 2025-06-10
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
- CVE-2025-36893 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-04
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- CVE-2025-37742 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot reports that hex_dump_to_buffer is using uninit-value: =================================…
- CVE-2025-37865 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-09
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reports that on the ZII dev rev B, deleting a bridge VLAN from a user port fails…
- CVE-2025-37887 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-09
In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and…
- CVE-2025-37961 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-20
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local sour…
- CVE-2025-37990 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-20
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but does not check i…
- CVE-2025-37996 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-29
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local mem…
- CVE-2025-38006 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: net: mctp: Don't access ifa_index when missing In mctp_dump_addrinfo, ifa_index can be used to filter interfaces, but only when the struct ifaddrmsg is provided. Otherwi…
- CVE-2025-38012 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators even after new() returns an error value (…
- CVE-2025-38054 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Limit signal/freq counts in summary output functions The debugfs summary output could access uninitialized elements in the freq_in[] and signal_out[] arrays, c…
- CVE-2025-38072 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory…
- CVE-2025-38086 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-28
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_rea…
- CVE-2025-38136 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-03
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Reorder clock handling and power management in probe Reorder the initialization sequence in `usbhs_probe()` to enable runtime PM before accessing reg…
- CVE-2025-38225 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-04
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which wi…
- CVE-2025-38229 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-04
In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported an uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb…
- CVE-2025-38277 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-07-10
In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx->steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. I…