CVE-2009-3228

kernel: tc: uninitialised kernel memory leak

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

La función tc_fill_tclass en net/sched/sch_api.c del subsistema tc en el kernel de Linux v2.4.x anteriores a la v2.4.37.6 y v2.6.x anteriores a la v2.6.31-rc9 no inicializa un determinado miembro de la estructura (1) tcm__pad1 y (2) tcm__pad2, lo que permite a atacantes locales obtener información confidencial de la memoria del kernel a través de vectores de ataque sin especificar.

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-09-16 CVE Reserved
2009-10-19 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime
CWE-909: Missing Initialization of Resource

CAPEC

References (26)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=096ed17f20affc2db0e307658c69b67433992a7a	X_refsource_confirm
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b	X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Mailing List
http://secunia.com/advisories/37084	Third Party Advisory
http://secunia.com/advisories/38794	Third Party Advisory
http://secunia.com/advisories/38834	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6	Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc9	Broken Link
http://www.securitytracker.com/id?1023073	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6757	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9409	Signature

URL	Date	SRC

URL	Date	SRC
http://patchwork.ozlabs.org/patch/32830	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/03/1	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/05/2	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/06/2	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/07/2	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/17/1	2023-11-07
http://www.openwall.com/lists/oss-security/2009/09/17/9	2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=520990	2009-11-03

URL	Date	SRC
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	2023-11-07
http://www.redhat.com/support/errata/RHSA-2009-1522.html	2023-11-07
http://www.ubuntu.com/usn/usn-864-1	2023-11-07
https://rhn.redhat.com/errata/RHSA-2009-1540.html	2023-11-07
https://rhn.redhat.com/errata/RHSA-2009-1548.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2009-3228	2009-11-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.4.0 < 2.4.37.6 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.4.0 < 2.4.37.6"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.0 < 2.6.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.0 < 2.6.31"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc5		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc6		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc7		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				2.6.31 Search vendor "Linux" for product "Linux Kernel" and version "2.6.31"		rc8		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				5.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "5.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"		-		Affected