Published: 19/10/2009 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 188

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x prior to 2.6.32-rc5, and 2.4.37.6 and previous versions, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.32
linux linux kernel
suse linux enterprise server 10
opensuse opensuse 11.0
suse linux enterprise desktop 10
suse linux enterprise software development kit 10
canonical ubuntu linux 9.04
canonical ubuntu linux 8.10
canonical ubuntu linux 9.10
canonical ubuntu linux 8.04
canonical ubuntu linux 6.06
fedoraproject fedora 10

It was discovered that the AX25 network subsystem did not correctly check integer signedness in certain setsockopt calls A local attacker could exploit this to crash the system, leading to a denial of service Ubuntu 910 was not affected (CVE-2009-2909) ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2846 Michael Buesch noticed a typing issue in the eisa-eeprom driver for the hppa architecture Lo ...

CWE-200 http://www.openwall.com/lists/oss-security/2009/10/15/3 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5 http://patchwork.ozlabs.org/patch/35412/http://www.openwall.com/lists/oss-security/2009/10/14/1 https://bugzilla.redhat.com/show_bug.cgi?id=528868 http://www.openwall.com/lists/oss-security/2009/10/14/2 http://www.openwall.com/lists/oss-security/2009/10/15/1 http://secunia.com/advisories/37086 https://rhn.redhat.com/errata/RHSA-2009-1540.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://www.redhat.com/support/errata/RHSA-2009-1670.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://secunia.com/advisories/37909 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://www.ubuntu.com/usn/usn-864-1 http://secunia.com/advisories/38794 http://secunia.com/advisories/38834 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://www.vupen.com/english/advisories/2010/0528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a https://nvd.nist.gov https://usn.ubuntu.com/864-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-3612

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect