Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2009-3612

Disclosure Date: October 19, 2009 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Products

References

Canonical

CVE-2009-3612 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612)

Advisory

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad61df918c44316940404891d5082c63e79c256a

http://patchwork.ozlabs.org/patch/35412

https://rhn.redhat.com/errata/RHSA-2009-1540.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

USN-864-1 (http://www.ubuntu.com/usn/usn-864-1)

SECUNIA-38794 (http://secunia.com/advisories/38794)

[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates (http://lists.vmware.com/pipermail/security-announce/2010/000082.html)

[oss-security] 20091014 CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 (http://www.openwall.com/lists/oss-security/2009/10/14/2)

http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

[oss-security] 20091014 Re: CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 (http://www.openwall.com/lists/oss-security/2009/10/15/1)

SECUNIA-37909 (http://secunia.com/advisories/37909)

http://www.redhat.com/support/errata/RHSA-2009-1670.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

SECUNIA-38834 (http://secunia.com/advisories/38834)

[oss-security] 20091014 Re: CVE request: kernel: tc: uninitialised kernel memory leak (http://www.openwall.com/lists/oss-security/2009/10/14/1)

[oss-security] 20091015 Re: CVE request kernel: tcf_fill_node() infoleak due to typo in 9ef1d4c7 (http://www.openwall.com/lists/oss-security/2009/10/15/3)

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc5

https://bugzilla.redhat.com/show_bug.cgi?id=528868

SECUNIA-37086 (http://secunia.com/advisories/37086)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10395

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7557

FEDORA-2009-11038 (https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html)

ADV-2010-0528 (http://www.vupen.com/english/advisories/2010/0528)

Miscellaneous

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad61df918c44316940404891d5082c63e79c256a

http://patchwork.ozlabs.org/patch/35412/

Rapid7

Technical Analysis