Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-3228
HistoryOct 19, 2009 - 8:00 p.m.

CVE-2009-3228

2009-10-1920:00:00
CWE-909
[email protected]
web.nvd.nist.gov
65
linux
kernel
vulnerability
tc subsystem
sensitive information
nvd
cve-2009-3228

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.1%

JSON

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.4.02.4.37.6
OR
linuxlinux_kernelRange2.6.02.6.31
OR
linuxlinux_kernelMatch2.6.31-
OR
linuxlinux_kernelMatch2.6.31rc1
OR
linuxlinux_kernelMatch2.6.31rc2
OR
linuxlinux_kernelMatch2.6.31rc3
OR
linuxlinux_kernelMatch2.6.31rc4
OR
linuxlinux_kernelMatch2.6.31rc5
OR
linuxlinux_kernelMatch2.6.31rc6
OR
linuxlinux_kernelMatch2.6.31rc7
OR
linuxlinux_kernelMatch2.6.31rc8
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
Node
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_eusMatch5.4
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_workstationMatch5.0
VendorProductVersionCPE
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc5::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:-::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc8::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc7::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc4::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc1::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc6::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc3::
linuxlinux_kernel2.6.31cpe:/o:linux:linux_kernel:2.6.31:rc2::

References

Related

nvd 1
prion 1
ubuntucve 1
veracode 1
cvelist 1
openvas 28
nessus 25
centos 2
oraclelinux 2
redhat 4
securityvulns 2
debian 3
osv 3
ubuntu 1
vmware 4
nvd
nvd
CVE-2009-3228
2009-10-19 20:00:00
prion
prion
Design/Logic Flaw
2009-10-19 20:00:00
ubuntucve
ubuntucve
CVE-2009-3228
2009-10-19 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:39:03
cvelist
cvelist
CVE-2009-3228
2009-10-19 19:27:00
openvas
openvas
RedHat Security Advisory RHSA-2009:1522
2009-10-27 00:00:00
CentOS Update for kernel CESA-2009:1522 centos4 i386
2011-08-09 00:00:00
CentOS Security Advisory CESA-2009:1522 (kernel)
2009-10-27 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL4.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 4 : kernel (ELSA-2009-1522)
2013-07-12 00:00:00
CentOS 4 : kernel (CESA-2009:1522)
2009-10-27 00:00:00
centos
centos
kernel security update
2009-10-26 14:31:26
kernel security update
2009-11-04 19:57:14
oraclelinux
oraclelinux
kernel security and bug fix update
2009-10-22 00:00:00
kernel security and bug fix update
2009-11-03 00:00:00
redhat
redhat
(RHSA-2009:1522) Moderate: kernel security and bug fix update
2009-10-22 00:00:00
(RHSA-2009:1548) Important: kernel security and bug fix update
2009-11-03 00:00:00
(RHSA-2009:1540) Important: kernel-rt security, bug fix, and enhancement update
2009-11-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-11-08 00:00:00
Linux kernel multiple security vulnerabilities
2009-11-08 00:00:00
debian
debian
[SECURITY] [DSA 1927-1] New Linux 2.6.26 packages fix several vulnerabilities
2009-11-05 16:21:03
[SECURITY] [DSA 1929-1] New Linux 2.6.18 packages fix several vulnerabilities
2009-11-06 00:51:43
[SECURITY] [DSA 1928-1] New Linux 2.6.24 packages fix several vulnerabilities
2009-11-05 22:03:48
osv
osv
linux-2.6 - several vulnerabilities
2009-11-05 00:00:00
linux-2.6 - several vulnerabilities
2009-11-05 00:00:00
linux-2.6.24 - several vulnerabilities
2009-11-05 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2009-12-05 00:00:00
vmware
vmware
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESX Service Console and vMA third party updates
2010-03-03 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.1%

JSON
Related for CVE-2009-3228
nvd1prion1ubuntucve1veracode1cvelist1openvas28nessus25centos2oraclelinux2redhat4securityvulns2debian3osv3ubuntu1vmware4