CVE - CVE-2009-3228

CVE-ID
CVE-2009-3228	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=096ed17f20affc2db0e307658c69b67433992a7a CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b CONFIRM:http://patchwork.ozlabs.org/patch/32830/ CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6 CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=520990 MANDRIVA:MDVSA-2010:198 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:198~~ (Obsolete source) MLIST:[oss-security] 20090903 CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/03/1 MLIST:[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/05/2 MLIST:[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/06/2 MLIST:[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/07/2 MLIST:[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/17/1 MLIST:[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak URL:http://www.openwall.com/lists/oss-security/2009/09/17/9 MLIST:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html OVAL:oval:org.mitre.oval:def:6757 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757 OVAL:oval:org.mitre.oval:def:9409 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409 REDHAT:RHSA-2009:1522 URL:http://www.redhat.com/support/errata/RHSA-2009-1522.html REDHAT:RHSA-2009:1540 URL:https://rhn.redhat.com/errata/RHSA-2009-1540.html REDHAT:RHSA-2009:1548 URL:https://rhn.redhat.com/errata/RHSA-2009-1548.html SECTRACK:1023073 URL:http://www.securitytracker.com/id?1023073 SECUNIA:37084 URL:http://secunia.com/advisories/37084 SECUNIA:38794 URL:http://secunia.com/advisories/38794 SECUNIA:38834 URL:http://secunia.com/advisories/38834 UBUNTU:USN-864-1 URL:http://www.ubuntu.com/usn/usn-864-1 VUPEN:ADV-2010-0528 URL:~~http://www.vupen.com/english/advisories/2010/0528~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20090916	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090916)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)