2.1
CVE-2009-3228
- EPSS 0.08%
- Published 19.10.2009 20:00:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.4.0 < 2.4.37.6
Linux ≫ Linux Kernel Version >= 2.6.0 < 2.6.31
Linux ≫ Linux Kernel Version2.6.31 Update-
Linux ≫ Linux Kernel Version2.6.31 Updaterc1
Linux ≫ Linux Kernel Version2.6.31 Updaterc2
Linux ≫ Linux Kernel Version2.6.31 Updaterc3
Linux ≫ Linux Kernel Version2.6.31 Updaterc4
Linux ≫ Linux Kernel Version2.6.31 Updaterc5
Linux ≫ Linux Kernel Version2.6.31 Updaterc6
Linux ≫ Linux Kernel Version2.6.31 Updaterc7
Linux ≫ Linux Kernel Version2.6.31 Updaterc8
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Eus Version5.4
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Workstation Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.201 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
CWE-909 Missing Initialization of Resource
The product does not initialize a critical resource.