CVE-2009-3612

Published: Oct 19, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Affected (20)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · +2 more

Show all products

Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server, Linux Enterprise Software Development Kit · Canonical: Ubuntu Linux · Fedoraproject: Fedora

1 product

1 product

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

1 product

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 2.4.37.6
Linux Linux Kernel	From 2.6.0 to 2.6.32
Linux Linux Kernel	Version 2.6.32
Linux Linux Kernel	Version 2.6.32 rc1
Linux Linux Kernel	Version 2.6.32 rc2
Linux Linux Kernel	Version 2.6.32 rc3
Linux Linux Kernel	Version 2.6.32 rc4

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.0
Suse Linux Enterprise Desktop	Version 10 sp2
Suse Linux Enterprise Desktop	Version 10 sp3
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Software Development Kit	Version 10 sp2
Suse Linux Enterprise Software Development Kit	Version 10 sp3

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 10

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (48)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Source: secalert@redhat.com

Third Party Advisory

http://patchwork.ozlabs.org/patch/35412/

Source: secalert@redhat.com

PatchThird Party Advisory

http://secunia.com/advisories/37086

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/37909

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/38794

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/38834

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2009/10/14/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/10/14/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/10/15/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2009/10/15/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1670.html

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/usn-864-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0528

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=528868

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2009-1540.html

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Source: secalert@redhat.com

Third Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a