Launchpad CVE tracker

CVE 2009-3228

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Related bugs and status

CVE-2009-3228 (Candidate) is related to these bugs:

Bug #395973: Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities

Summary				In	Importance	Status
	395973	Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009090...
MLIST: [oss-security] 2009090...
MLIST: [oss-security] 2009090...
MLIST: [oss-security] 2009090...
MLIST: [oss-security] 2009091...
MLIST: [oss-security] 2009091...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://git.kernel.org/...
CONFIRM: http://patchwork.ozlab...
CONFIRM: http://www.kernel.org/...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
SECTRACK: 1023073
REDHAT: RHSA-2009:1540
REDHAT: RHSA-2009:1548
UBUNTU: USN-864-1
MLIST: [security-announce] 20...
SECUNIA: 38794
SECUNIA: 38834
VUPEN: ADV-2010-0528
MANDRIVA: MDVSA-2010:198
REDHAT: RHSA-2009:1522
SECUNIA: 37084
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2009-3228

Related bugs and status

Related bugs

References