In the Linux kernel, the following vulnerability has been resolved:

rseq: Fix using an uninitialized stack variable in rseq_exit_user_update()

There is an bug in which an uninitialized stack variable is used in
rseq_exit_user_update() as reported by syzbot:

BUG: KMSAN: kernel-infoleak in rseq_set_ids_get_csaddr include/linux/rseq_entry.h:502 [inline]

The local variable:

	struct rseq_ids ids = {
		.cpu_id	 = task_cpu(t),
		.mm_cid	 = task_mm_cid(t),
		.node_id = cpu_to_node(ids.cpu_id),
	};

According to the C standard, the evaluation order of expressions in an
initializer list is indeterminately sequenced. The compiler (Clang, in
this KMSAN build) evaluates `cpu_to_node(ids.cpu_id)` *before*
`ids.cpu_id` is initialized with `task_cpu(t)`.

This is fixed by moving the assignment of ids.node_id outside the
structure initialization.

https://git.kernel.org/stable/c/6d99479799c69c3cb588fcda19c81d8f61d64ecd

https://git.kernel.org/stable/c/e12d20a63b61aaf9de4772effccf42cc9a003e58

[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/rseq_entry.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d242126fd21ab8f1631fdbc8589e43a9d4229f3b","lessThan":"e12d20a63b61aaf9de4772effccf42cc9a003e58","versionType":"git","status":"affected"},{"version":"82f572449cfe75f12ea985986da60e11f308f77d","lessThan":"6d99479799c69c3cb588fcda19c81d8f61d64ecd","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/rseq_entry.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0.10","lessThan":"7.0.13","versionType":"semver","status":"affected"}]}]