CVE-2009-3228

Published: Oct 19, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Affected (20)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.4.0 to 2.4.37.6
Linux Linux Kernel	From 2.6.0 to 2.6.31
Linux Linux Kernel	Version 2.6.31
Linux Linux Kernel	Version 2.6.31 rc1
Linux Linux Kernel	Version 2.6.31 rc2
Linux Linux Kernel	Version 2.6.31 rc3
Linux Linux Kernel	Version 2.6.31 rc4
Linux Linux Kernel	Version 2.6.31 rc5
Linux Linux Kernel	Version 2.6.31 rc6
Linux Linux Kernel	Version 2.6.31 rc7
Linux Linux Kernel	Version 2.6.31 rc8

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 5.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 5.0

Related CWEs

CWE-909

Missing Initialization of Resource

The product does not initialize a critical resource.

References (50)

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a

Source: cve@mitre.org

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b

Source: cve@mitre.org

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Source: cve@mitre.org

Third Party Advisory

http://patchwork.ozlabs.org/patch/32830/

Source: cve@mitre.org

PatchThird Party Advisory

http://secunia.com/advisories/37084

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/38794

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/38834

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6

Source: cve@mitre.org

Broken Link

http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9

Source: cve@mitre.org

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/03/1

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/05/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/06/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/07/2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/17/1

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/09/17/9

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1522.html

Source: cve@mitre.org

Third Party Advisory

http://www.securitytracker.com/id?1023073

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-864-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0528

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=520990

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757

Source: cve@mitre.org

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409

Source: cve@mitre.org

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-1540.html

Source: cve@mitre.org

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-1548.html

Source: cve@mitre.org

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a