SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-3612

Date: (C)2009-10-19 (M)2024-02-22

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

FEDORA-2009-11038

SUSE-SA:2009:061

SUSE-SA:2009:064

SUSE-SA:2010:012

http://www.openwall.com/lists/oss-security/2009/10/14/2

http://www.openwall.com/lists/oss-security/2009/10/15/1

http://www.openwall.com/lists/oss-security/2009/10/14/1

http://www.openwall.com/lists/oss-security/2009/10/15/3

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a

http://patchwork.ozlabs.org/patch/35412/

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5

https://bugzilla.redhat.com/show_bug.cgi?id=528868

oval:org.mitre.oval:def:10395

oval:org.mitre.oval:def:7557

cpe:/o:linux:linux_kernel:2.6.32:rc3
cpe:/o:linux:linux_kernel:2.6.32:rc1
cpe:/o:opensuse:opensuse:11.0
cpe:/o:canonical:ubuntu_linux:9.04
...

oval:org.secpod.oval:def:202052
oval:org.secpod.oval:def:201966
oval:org.secpod.oval:def:202216
oval:org.secpod.oval:def:700418
...

© SecPod Technologies