Unrated severityNVD Advisory· Published Aug 28, 2009· Updated Apr 23, 2026
CVE-2009-3001
CVE-2009-3001
Description
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
Affected products
12cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <2.6.31
- cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securityfocus.com/bid/36126nvdExploitThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdExploitIssue TrackingThird Party Advisory
- secunia.com/advisories/37105nvdThird Party Advisory
- www.exploit-db.com/exploits/9513nvdThird Party AdvisoryVDB Entry
- www.openwall.com/lists/oss-security/2009/08/26/1nvdMailing ListThird Party Advisory
- www.ubuntu.com/usn/USN-852-1nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/52732nvdThird Party AdvisoryVDB Entry
- jon.oberheide.org/files/llc-getsockname-leak.cnvdBroken Link
- git.kernel.orgnvd
News mentions
0No linked articles in our index yet.