CVE-2009-3612

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Published: Oct 19, 2009
Updated: Nov 8, 2023
CVE: CVE-2009-3612
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.32-rc1	2.6.32-rc1.x
linux / linux_kernel	2.6.32-rc4	2.6.32-rc4.x
linux / linux_kernel	-	2.4.37.6.x
linux / linux_kernel	2.6.32-rc3	2.6.32-rc3.x
linux / linux_kernel	2.6.32-rc2	2.6.32-rc2.x
linux / linux_kernel	2.6.32	2.6.32.x
linux / linux_kernel	2.6.0	2.6.32
suse / linux_enterprise_server	10-sp3	10-sp3.x
opensuse / opensuse	11.0	11.0.x
suse / linux_enterprise_server	10-sp2	10-sp2.x
suse / linux_enterprise_desktop	10-sp2	10-sp2.x
suse / linux_enterprise_software_development_kit	10-sp2	10-sp2.x
suse / linux_enterprise_desktop	10-sp3	10-sp3.x
suse / linux_enterprise_software_development_kit	10-sp3	10-sp3.x
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	8.10	8.10.x
canonical / ubuntu_linux	9.10	9.10.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	6.06	6.06.x
fedoraproject / fedora	10	10.x

Vulnerability Database

289,689

CVE-2009-3612