2.1

CVE-2009-3228

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.4.0 < 2.4.37.6
LinuxLinux Kernel Version >= 2.6.0 < 2.6.31
LinuxLinux Kernel Version2.6.31 Update-
LinuxLinux Kernel Version2.6.31 Updaterc1
LinuxLinux Kernel Version2.6.31 Updaterc2
LinuxLinux Kernel Version2.6.31 Updaterc3
LinuxLinux Kernel Version2.6.31 Updaterc4
LinuxLinux Kernel Version2.6.31 Updaterc5
LinuxLinux Kernel Version2.6.31 Updaterc6
LinuxLinux Kernel Version2.6.31 Updaterc7
LinuxLinux Kernel Version2.6.31 Updaterc8
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
RedhatEnterprise Linux Eus Version5.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.313
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-909 Missing Initialization of Resource

The product does not initialize a critical resource.

http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Third Party Advisory
http://secunia.com/advisories/38794
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528
Third Party Advisory
http://secunia.com/advisories/38834
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1540.html
Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1548.html
Third Party Advisory
http://secunia.com/advisories/37084
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6
Broken Link
http://www.openwall.com/lists/oss-security/2009/09/05/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/09/06/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/09/07/2
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/09/17/1
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2009/09/17/9
Patch
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1522.html
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b
http://patchwork.ozlabs.org/patch/32830/
Patch
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9
Broken Link
http://www.openwall.com/lists/oss-security/2009/09/03/1
Patch
Third Party Advisory
Mailing List
http://www.securitytracker.com/id?1023073
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-864-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=520990
Patch
Third Party Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409
Third Party Advisory