CVE-2009-3228

Published: 19 October 2009

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.31~rc9)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=16ebb5e0b36ceadc8186f71d68b0c4fa4b6e781b
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.31~rc9)