CVE-2009-3228

Published: 19 October 2009

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (2.6.24-26.64)
	intrepid	Released (2.6.27-16.44)
	jaunty	Released (2.6.28-17.58)
	karmic	Not vulnerable
	upstream	Released (2.6.31~rc9)
	Patches: upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b
linux-source-2.6.15 Launchpad, Ubuntu, Debian	dapper	Released (2.6.15-55.81)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	upstream	Released (2.6.31~rc9)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2009-3228

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading