CWE-908: Use of Uninitialized Resource
734 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-908 (page 8 of 15)
- CVE-2022-49507 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-26
In the Linux kernel, the following vulnerability has been resolved: regulator: da9121: Fix uninit-value in da9121_assign_chip_model() KASAN report slab-out-of-bounds in __regmap_init as follows: BUG: KASAN: slab-out-of-bounds in __regma…
- CVE-2022-49567 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-26
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask() (mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL. Check pol->mode before…
- CVE-2022-49675 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-26
In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport __init-annotated tick_nohz_full_setup() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initializa…
- CVE-2022-49726 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-02-26
In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the …
- CVE-2022-49788 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized da…
- CVE-2022-49790 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: …
- CVE-2022-49813 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call dest…
- CVE-2022-49845 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initia…
- CVE-2022-49862 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-05-01
In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name…
- CVE-2022-49957 | CVSS 0.0 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is u…
- CVE-2022-50127 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp() In the function rxe_create_qp(), rxe_qp_from_init() is called to initialize qp, internally things like the spin locks are n…
- CVE-2022-50165 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-06-18
In the Linux kernel, the following vulnerability has been resolved: wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() but it forgets t…
- CVE-2022-50236 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec() If the system is rebooted via isr(), the IRQ handler might be triggered before the domain is initialized. Resulting on an …
- CVE-2022-50282 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdev_device_add() While doing fault injection test, I got the following report: ------------[ cut here ]------------ kobject: '(null)' (0…
- CVE-2022-50335 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-15
In the Linux kernel, the following vulnerability has been resolved: 9p: set req refcount to zero to avoid uninitialized usage When a new request is allocated, the refcount will be zero if it is reused, but if the request is newly allocat…
- CVE-2022-50346 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-16
In the Linux kernel, the following vulnerability has been resolved: ext4: init quota for 'old.inode' in 'ext4_rename' Syzbot found the following issue: ext4_parse_param: s_want_extra_isize=128 ext4_inode_info_init: s_want_extra_isize=32 …
- CVE-2022-50374 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-09-17
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called…
- CVE-2022-50473 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobject_init_and_add() In cpufreq_policy_alloc(), it will call uninitialed completion in cpufreq_sysfs_release() when kobject_init_and_ad…
- CVE-2022-50482 | MEDIUM | CVSS 5.5 | EG 5.5 | 2025-10-04
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up si_domain in the init_dmars() error path A splat from kmem_cache_destroy() was seen with a kernel prior to commit ee2653bbe89d ("iommu/vt-d: Remove …
- CVE-2022-50546 | HIGH | CVSS 7.8 | EG 7.8 | 2025-10-07
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninititialized value in 'ext4_evict_inode' Syzbot found the following issue: ===================================================== BUG: KMSAN: uninit-value in…
- CVE-2023-21127 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-15
In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat…
- CVE-2023-21233 | HIGH | CVSS 7.5 | EG 7.5 | 2023-08-14
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio…
- CVE-2023-21276 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-08-14
In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for …
- CVE-2023-21753 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-10
Event Tracing for Windows Information Disclosure Vulnerability
- CVE-2023-22281 | HIGH | CVSS 7.5 | EG 7.5 | 2023-02-01
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisc…
- CVE-2023-22330 | MEDIUM | CVSS 6.0 | EG 6.0 | 2023-08-11
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2023-22897 | MEDIUM | CVSS 6.5 | EG 9.0 | 2023-04-12
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved vi…
- CVE-2023-23413 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24886 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-11
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24941 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-05-09
Windows Network File System Remote Code Execution Vulnerability
- CVE-2023-25585 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
- CVE-2023-25586 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
- CVE-2023-25588 | MEDIUM | CVSS 4.7 | EG 4.7 | 2023-09-14
A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
- CVE-2023-2747 | LOW | CVSS 3.1 | EG 3.1 | 2023-06-15
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized.
- CVE-2023-27598 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-15
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially…
- CVE-2023-28967 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-17
A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device…
- CVE-2023-29367 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-14
iSCSI Target WMI Provider Remote Code Execution Vulnerability
- CVE-2023-31192 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-10-12
An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-midd…
- CVE-2023-31275 | HIGH | CVSS 8.8 | EG 8.8 | 2023-11-27
An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a …
- CVE-2023-32016 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-06-14
Windows Installer Information Disclosure Vulnerability
- CVE-2023-32041 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-11
Windows Update Orchestrator Service Information Disclosure Vulnerability
- CVE-2023-32042 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-11
OLE Automation Information Disclosure Vulnerability
- CVE-2023-32213 | HIGH | CVSS 8.8 | EG 8.8 | 2023-06-02
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- CVE-2023-3488 | LOW | CVSS 3.8 | EG 3.8 | 2023-07-28
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.
- CVE-2023-35325 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-11
Windows Print Spooler Information Disclosure Vulnerability
- CVE-2023-35326 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-11
Windows CDP User Components Information Disclosure Vulnerability
- CVE-2023-35847 | HIGH | CVSS 7.5 | EG 7.5 | 2023-06-19
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
- CVE-2023-36012 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-12-12
DHCP Server Service Information Disclosure Vulnerability
- CVE-2023-36398 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-11-14
Windows NTFS Information Disclosure Vulnerability
- CVE-2023-36567 | HIGH | CVSS 7.5 | EG 7.5 | 2023-10-10
Windows Deployment Services Information Disclosure Vulnerability