Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-3228
HistoryOct 19, 2009 - 12:00 a.m.

CVE-2009-3228

2009-10-1900:00:00
ubuntu.com
ubuntu.com
18

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in
the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not
initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which
might allow local users to obtain sensitive information from kernel memory
via unspecified vectors.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-26.64UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-16.44UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-17.58UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.81UNKNOWN

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS

0

Percentile

10.1%