Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3612

Опубликовано: 19 окт. 2009
Источник: nvd
CVSS2: 2.1
EPSS Низкий

Описание

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 2.4.37.6 (включая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 2.6.0 (включая) до 2.6.32 (исключая)
cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*

EPSS

Процентиль: 22%
0.0007
Низкий

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2009-3612

ubuntu
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

redhat логотип

CVE-2009-3612

redhat
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

debian логотип

CVE-2009-3612

debian
больше 15 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsy ...

github логотип

GHSA-vr55-mp4p-wfh2

github
около 3 лет назад

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

oracle-oval логотип

ELSA-2009-1670

oracle-oval
больше 15 лет назад

ELSA-2009-1670: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 22%
0.0007
Низкий

2.1 Low

CVSS2

Дефекты

CWE-200