Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-3612
HistoryOct 19, 2009 - 12:00 a.m.

CVE-2009-3612

2009-10-1900:00:00
ubuntu.com
ubuntu.com
13

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

10.1%

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem
in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does
not initialize a certain tcm__pad2 structure member, which might allow
local users to obtain sensitive information from kernel memory via
unspecified vectors. NOTE: this issue exists because of an incomplete fix
for CVE-2005-4881.

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchlinux< 2.6.24-26.64UNKNOWN
ubuntu8.10noarchlinux< 2.6.27-16.44UNKNOWN
ubuntu9.04noarchlinux< 2.6.28-17.58UNKNOWN
ubuntu9.10noarchlinux< 2.6.31-16.52UNKNOWN
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.81UNKNOWN

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

0.0004 Low

EPSS

Percentile

10.1%