# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2011-0762 |
400 |
1
|
DoS |
2011-03-02 |
2021-03-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632. |
2 |
CVE-2010-4180 |
|
|
|
2010-12-06 |
2022-08-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier. |
3 |
CVE-2010-4072 |
200 |
|
+Info |
2010-11-29 |
2020-08-14 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
The copy_shmid_to_user function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface." |
4 |
CVE-2010-3904 |
20 |
|
+Priv |
2010-12-06 |
2020-08-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. |
5 |
CVE-2010-3850 |
|
|
Bypass |
2010-12-30 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. |
6 |
CVE-2010-3849 |
476 |
|
DoS |
2010-12-30 |
2020-08-14 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field. |
7 |
CVE-2010-3848 |
787 |
|
Overflow +Priv |
2010-12-30 |
2020-08-14 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures. |
8 |
CVE-2010-3705 |
400 |
|
DoS Mem. Corr. |
2010-11-26 |
2020-08-10 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel before 2.6.36 does not properly validate the hmac_ids array of an SCTP peer, which allows remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. |
9 |
CVE-2010-3702 |
476 |
|
DoS |
2010-11-05 |
2020-12-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. |
10 |
CVE-2010-3477 |
399 |
|
+Info |
2010-09-21 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942. |
11 |
CVE-2010-3442 |
190 |
|
DoS Overflow Mem. Corr. |
2010-10-04 |
2020-08-10 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call. |
12 |
CVE-2010-3437 |
476 |
1
|
DoS +Info |
2010-10-04 |
2020-08-13 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call. |
13 |
CVE-2010-3432 |
20 |
|
DoS |
2010-11-22 |
2020-08-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
The sctp_packet_config function in net/sctp/output.c in the Linux kernel before 2.6.35.6 performs extraneous initializations of packet data structures, which allows remote attackers to cause a denial of service (panic) via a certain sequence of SCTP traffic. |
14 |
CVE-2010-3297 |
909 |
|
+Info |
2010-09-30 |
2020-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call. |
15 |
CVE-2010-3080 |
415 |
|
DoS |
2010-09-21 |
2020-08-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device. |
16 |
CVE-2010-3078 |
200 |
|
+Info |
2010-09-21 |
2020-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call. |
17 |
CVE-2010-3067 |
190 |
|
DoS Overflow |
2010-09-21 |
2020-08-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call. |
18 |
CVE-2010-2963 |
20 |
|
+Priv |
2010-11-26 |
2020-08-14 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. |
19 |
CVE-2010-2960 |
476 |
|
DoS |
2010-09-08 |
2020-08-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function. |
20 |
CVE-2010-2955 |
193 |
|
+Info |
2010-09-08 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in the Linux kernel before 2.6.36-rc3-next-20100831 does not properly initialize certain structure members, which allows local users to leverage an off-by-one error in the ioctl_standard_iw_point function in net/wireless/wext-core.c, and obtain potentially sensitive information from kernel heap memory, via vectors involving an SIOCGIWESSID ioctl call that specifies a large buffer size. |
21 |
CVE-2010-2954 |
476 |
|
DoS |
2010-09-03 |
2020-08-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. |
22 |
CVE-2010-2942 |
401 |
|
+Info |
2010-09-21 |
2020-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which allows local users to obtain potentially sensitive information from kernel memory via vectors related to (1) the tcf_gact_dump function in net/sched/act_gact.c, (2) the tcf_mirred_dump function in net/sched/act_mirred.c, (3) the tcf_nat_dump function in net/sched/act_nat.c, (4) the tcf_simp_dump function in net/sched/act_simple.c, and (5) the tcf_skbedit_dump function in net/sched/act_skbedit.c. |
23 |
CVE-2010-2808 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. |
24 |
CVE-2010-2807 |
681 |
|
DoS Exec Code |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
25 |
CVE-2010-2806 |
129 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. |
26 |
CVE-2010-2805 |
20 |
|
DoS Exec Code |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
27 |
CVE-2010-2798 |
476 |
|
DoS |
2010-09-08 |
2020-08-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact by renaming a file in a GFS2 filesystem, related to the gfs2_rename function in fs/gfs2/ops_inode.c. |
28 |
CVE-2010-2541 |
120 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
29 |
CVE-2010-2527 |
120 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple buffer overflows in demo programs in FreeType before 2.4.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
30 |
CVE-2010-2524 |
|
|
|
2010-09-08 |
2020-08-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals. |
31 |
CVE-2010-2520 |
787 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-03-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
32 |
CVE-2010-2519 |
787 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. |
33 |
CVE-2010-2500 |
190 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
34 |
CVE-2010-2499 |
120 |
|
DoS Exec Code Overflow |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. |
35 |
CVE-2010-2498 |
787 |
|
DoS Exec Code Mem. Corr. |
2010-08-19 |
2021-04-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. |
36 |
CVE-2010-2478 |
190 |
|
DoS Overflow |
2010-09-29 |
2020-08-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. |
37 |
CVE-2010-2249 |
401 |
|
DoS |
2010-06-30 |
2020-08-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. |
38 |
CVE-2010-2226 |
200 |
|
+Info |
2010-09-03 |
2020-08-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel before 2.6.35 does not properly check the file descriptors passed to the SWAPEXT ioctl, which allows local users to leverage write access and obtain read access by swapping one file into another file. |
39 |
CVE-2010-2066 |
|
|
|
2010-09-08 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a donor. |
40 |
CVE-2010-2008 |
77 |
|
DoS |
2010-07-13 |
2020-11-09 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory. |
41 |
CVE-2010-1321 |
476 |
|
DoS |
2010-05-19 |
2021-02-02 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. |
42 |
CVE-2010-1205 |
120 |
|
Exec Code Overflow |
2010-06-30 |
2020-08-14 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. |
43 |
CVE-2010-0623 |
|
|
DoS |
2010-02-15 |
2020-08-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. |
44 |
CVE-2010-0205 |
400 |
|
DoS |
2010-03-03 |
2020-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. |
45 |
CVE-2009-4895 |
362 |
|
DoS |
2010-09-08 |
2020-08-27 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9. |
46 |
CVE-2009-4484 |
787 |
1
|
DoS Exec Code Overflow Mem. Corr. |
2009-12-30 |
2020-11-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. |
47 |
CVE-2009-3621 |
400 |
|
DoS |
2009-10-22 |
2020-08-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. |
48 |
CVE-2009-3612 |
200 |
|
+Info |
2009-10-19 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
49 |
CVE-2009-3547 |
362 |
|
DoS +Priv |
2009-11-04 |
2020-08-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. |
50 |
CVE-2009-3228 |
909 |
|
+Info |
2009-10-19 |
2020-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. |