Unrated severityNVD Advisory· Published Oct 19, 2009· Updated Apr 23, 2026
CVE-2009-3228
CVE-2009-3228
Description
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.
Affected products
19cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.4.0,<2.4.37.6
- cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- patchwork.ozlabs.org/patch/32830/nvdPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/03/1nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/05/2nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/06/2nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/07/2nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/17/1nvdMailing ListPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2009/09/17/9nvdMailing ListPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdThird Party Advisory
- secunia.com/advisories/37084nvdThird Party Advisory
- secunia.com/advisories/38794nvdThird Party Advisory
- secunia.com/advisories/38834nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2009-1522.htmlnvdThird Party Advisory
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/usn-864-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/0528nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1540.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1548.htmlnvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6nvdBroken Link
- www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9nvdBroken Link
News mentions
0No linked articles in our index yet.