Lucene search

K
nvd[email protected]NVD:CVE-2009-3228
HistoryOct 19, 2009 - 8:00 p.m.

CVE-2009-3228

2009-10-1920:00:00
CWE-909
web.nvd.nist.gov
9

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.1%

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Affected configurations

Nvd
Node
linuxlinux_kernelRange2.4.02.4.37.6
OR
linuxlinux_kernelRange2.6.02.6.31
OR
linuxlinux_kernelMatch2.6.31-
OR
linuxlinux_kernelMatch2.6.31rc1
OR
linuxlinux_kernelMatch2.6.31rc2
OR
linuxlinux_kernelMatch2.6.31rc3
OR
linuxlinux_kernelMatch2.6.31rc4
OR
linuxlinux_kernelMatch2.6.31rc5
OR
linuxlinux_kernelMatch2.6.31rc6
OR
linuxlinux_kernelMatch2.6.31rc7
OR
linuxlinux_kernelMatch2.6.31rc8
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04-
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
Node
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_eusMatch5.4
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_workstationMatch5.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
linuxlinux_kernel2.6.31cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
Rows per page:
1-10 of 191

References

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0

Percentile

10.1%