-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0.beta
-
None
-
libsepol-3.7-4.el10
-
None
-
Low
-
3
-
rhel-sst-security-selinux
-
ssg_security
-
2
-
False
-
-
None
-
SELINUX 240925 - 241016, SELINUX 241016 - 241106, SELINUX 241106 - 241127
-
None
Error: UNINIT (CWE-457): [#def83] [important] libsepol-3.6/src/mls.c:673: alloc_fn: Calling "malloc" which returns uninitialized memory. libsepol-3.6/src/mls.c:673: assign: Assigning: "ctx1" = "malloc(64UL)", which points to uninitialized data. libsepol-3.6/src/mls.c:699: uninit_use_in_call: Using uninitialized value "ctx1->range.level[0].cat.node" when calling "context_destroy". # 697| ERR(handle, "could not check if mls context %s contains %s", # 698| mls1, mls2); # 699|-> context_destroy(ctx1); # 700| context_destroy(ctx2); # 701| free(ctx1);
Error: UNINIT (CWE-457): [#def84] [important] libsepol-3.6/src/mls.c:674: alloc_fn: Calling "malloc" which returns uninitialized memory. libsepol-3.6/src/mls.c:674: assign: Assigning: "ctx2" = "malloc(64UL)", which points to uninitialized data. libsepol-3.6/src/mls.c:700: uninit_use_in_call: Using uninitialized value "ctx2->range.level[0].cat.node" when calling "context_destroy". # 698| mls1, mls2); # 699| context_destroy(ctx1); # 700|-> context_destroy(ctx2); # 701| free(ctx1); # 702| free(ctx2);
Error: UNINIT (CWE-457): [#def9] [important] libsepol-3.6/cil/src/cil_binary.c:1348: var_decl: Declaring variable "avtab_datum" without initializer. libsepol-3.6/cil/src/cil_binary.c:1384: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule". # 1382| } else { # 1383| avtab_datum.data = data; # 1384|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor); # 1385| } # 1386|
Error: UNINIT (CWE-457): [#def6] [important] libsepol-3.6/cil/src/cil_binary.c:977: var_decl: Declaring variable "avtab_datum" without initializer. libsepol-3.6/cil/src/cil_binary.c:1059: uninit_use_in_call: Using uninitialized value "avtab_datum". Field "avtab_datum.xperms" is uninitialized when calling "__cil_cond_insert_rule". # 1057| } # 1058| } # 1059|-> rc = __cil_cond_insert_rule(&pdb->te_cond_avtab, &avtab_key, &avtab_datum, cond_node, cond_flavor); # 1060| } # 1061|
Error: UNINIT (CWE-457): [#def47] [important] libsepol-3.6/cil/src/cil_post.c:1307: var_decl: Declaring variable "tmp" without initializer. libsepol-3.6/cil/src/cil_post.c:1380: uninit_use_in_call: Using uninitialized value "tmp.node" when calling "ebitmap_destroy". # 1378| if (rc != SEPOL_OK) { # 1379| cil_log(CIL_INFO, "Failed to apply operator to bitmaps\n"); # 1380|-> ebitmap_destroy(&tmp); # 1381| goto exit; # 1382| }
Error: UNINIT (CWE-457): [#def70] [important] libsepol-3.6/src/kernel_to_cil.c:1427: var_decl: Declaring variable "strs" without initializer. libsepol-3.6/src/kernel_to_cil.c:1475: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy". # 1473| # 1474| exit: # 1475|-> strs_destroy(&strs); # 1476| # 1477| if (rc != 0) {
Error: UNINIT (CWE-457): [#def73] [important] libsepol-3.6/src/kernel_to_conf.c:1410: var_decl: Declaring variable "strs" without initializer. libsepol-3.6/src/kernel_to_conf.c:1449: uninit_use_in_call: Using uninitialized value "strs" when calling "strs_destroy". # 1447| # 1448| exit: # 1449|-> strs_destroy(&strs); # 1450| # 1451| if (rc != 0) {
- clones
-
RHEL-28965 UNINIT (CWE-457)
- Planning
- is cloned by
-
RHEL-35997 direct_api.c:598: cast_underflow: An assign of a possibly negative number to an unsigned type el10
- Integration
- links to
-
RHBA-2024:140957 libsepol bug fix and enhancement update