In the Linux kernel, the following vulnerability has been resolved:
net: fix uninit-value in caifseqpktsendmsg
When nrsegs equal to zero in iovecfromuser, the object msg->msgiter.iov is uninit stack memory in caifseqpktsendmsg which is defined in _syssendmsg. So we cann't just judge msg->msgiter.iov->base directlly. We can use nrsegs to judge msg in caifseqpkt_sendmsg whether has data buffers.
===================================================== BUG: KMSAN: uninit-value in caifseqpktsendmsg+0x693/0xf60 net/caif/caifsocket.c:542 Call Trace: dumpstack lib/dumpstack.c:77 [inline] dumpstack+0x1c9/0x220 lib/dumpstack.c:118 kmsanreport+0xf7/0x1e0 mm/kmsan/kmsanreport.c:118 _msanwarning+0x58/0xa0 mm/kmsan/kmsaninstr.c:215 caifseqpktsendmsg+0x693/0xf60 net/caif/caifsocket.c:542 socksendmsgnosec net/socket.c:652 [inline] socksendmsg net/socket.c:672 [inline] syssendmsg+0x12b6/0x1350 net/socket.c:2343 _syssendmsg net/socket.c:2397 [inline] _syssendmmsg+0x808/0xc90 net/socket.c:2480 _compatsys_sendmmsg net/compat.c:656 [inline]