CVE-2025-20638

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-457
View all →

Vulnerability Description

In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.

Related Vulnerabilities

CVE-2022-33716

MEDIUM
CVSS:4.4(Medium)

An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

CWE-4572022

CVE-2022-42432

MEDIUM
CVSS:5.1(Medium)

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged ...

CWE-4572022

CVE-2024-31636

LOW
CVSS:3.9(Low)

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.

CWE-4572024

CVE-2024-45615

LOW
CVSS:3.9(Low)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, ...

CWE-4572024

CVE-2024-45616

LOW
CVSS:3.9(Low)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafte...

CWE-4572024

CVE-2024-45617

LOW
CVSS:3.9(Low)

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafte...

CWE-4572024