CVE-2009-3228

LOW Year: 2009
CVSS v2 Score
2.1
Low
Weakness Type
CWE-909
View all →

Vulnerability Description

The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors.

Related Vulnerabilities

CVE-2022-22704

CRITICAL
CVSS:9.8(Critical)

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the co...

CWE-9092022

CVE-2020-12523

CRITICAL
CVSS:9.1(Critical)

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LA...

CWE-9092020

CVE-2020-11741

HIGH
CVSS:8.8(High)

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly ga...

CWE-9092020

CVE-2021-23994

HIGH
CVSS:8.8(High)

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CWE-9092021

CVE-2021-29980

HIGH
CVSS:8.8(High)

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderb...

CWE-9092021

CVE-2005-1036

HIGH
CVSS:7.8(High)

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to caus...

CWE-9092005