CVE-2022-2308

MEDIUM Year: 2022
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-457
View all →

Vulnerability Description

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.

Related Vulnerabilities

CVE-2024-9355

MEDIUM
CVSS:6.5(Medium)

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may a...

CWE-4572024

CVE-2024-32625

MEDIUM
CVSS:5.8(Medium)

In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations

CWE-4572024

CVE-2019-1010317

MEDIUM
CVSS:5.5(Medium)

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). ...

CWE-4572019

CVE-2019-1010319

MEDIUM
CVSS:5.5(Medium)

WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:21...

CWE-4572019

CVE-2021-44003

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while par...

CWE-4572021