Lucene search

K
cve[email protected]CVE-2009-3612
HistoryOct 19, 2009 - 8:00 p.m.

CVE-2009-3612

2009-10-1920:00:00
CWE-200
web.nvd.nist.gov
64
cve-2009-3612
tcf_fill_node function
netlink subsystem
linux kernel
information security

6.1 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

10.1%

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.4.37.6
OR
linuxlinux_kernelRange2.6.02.6.32
OR
linuxlinux_kernelMatch2.6.32-
OR
linuxlinux_kernelMatch2.6.32rc1
OR
linuxlinux_kernelMatch2.6.32rc2
OR
linuxlinux_kernelMatch2.6.32rc3
OR
linuxlinux_kernelMatch2.6.32rc4
Node
opensuseopensuseMatch11.0
OR
suselinux_enterprise_desktopMatch10sp2
OR
suselinux_enterprise_desktopMatch10sp3
OR
suselinux_enterprise_serverMatch10sp2
OR
suselinux_enterprise_serverMatch10sp3
OR
suselinux_enterprise_software_development_kitMatch10sp2
OR
suselinux_enterprise_software_development_kitMatch10sp3
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
Node
fedoraprojectfedoraMatch10

References

6.1 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

10.1%