Unrated severityNVD Advisory· Published Oct 19, 2009· Updated Apr 23, 2026
CVE-2009-3612
CVE-2009-3612
Description
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.
Affected products
19cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: <=2.4.37.6
- cpe:2.3:o:linux:linux_kernel:2.6.32:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.32:rc4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- patchwork.ozlabs.org/patch/35412/nvdPatchThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvdThird Party Advisory
- secunia.com/advisories/37086nvdThird Party Advisory
- secunia.com/advisories/37909nvdThird Party Advisory
- secunia.com/advisories/38794nvdThird Party Advisory
- secunia.com/advisories/38834nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.openwall.com/lists/oss-security/2009/10/14/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2009/10/14/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2009/10/15/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2009/10/15/3nvdMailing ListThird Party Advisory
- www.redhat.com/support/errata/RHSA-2009-1670.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/usn-864-1nvdThird Party Advisory
- www.vupen.com/english/advisories/2010/0528nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395nvdThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1540.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.htmlnvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5nvdBroken Link
News mentions
0No linked articles in our index yet.