The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 02:04
Type | Values Removed | Values Added |
---|---|---|
Summary | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
13 Feb 2023, 01:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
Information
Published : 2009-10-19 20:00
Updated : 2023-12-10 10:51
NVD link : CVE-2009-3612
Mitre link : CVE-2009-3612
CVE.ORG link : CVE-2009-3612
JSON object : View
Products Affected
canonical
- ubuntu_linux
fedoraproject
- fedora
suse
- linux_enterprise_server
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
opensuse
- opensuse
linux
- linux_kernel
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor