VYPR
Unrated severityNVD Advisory· Published Oct 19, 2009· Updated Jun 16, 2026

CVE-2009-3228

CVE-2009-3228

Description

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • Linux/Kernel11 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.4.0,<2.4.37.6
    • cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
    • (no CPE)range: < 2.4.37.6 (2.4.x) / < 2.6.31-rc9 (2.6.x)
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

25

News mentions

0

No linked articles in our index yet.