CVE-2009-3001
Published Aug 28, 2009
Last updated a year ago
Overview
- Description
- The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for PF_LLC sockets in the Linux kernels.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1BA972-91FE-417F-B0AD-D3067DA8C96F",
"versionEndExcluding": "2.6.31"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2887290A-1B43-4DB9-A9D0-B0B56CD78E48"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29C4A364-ED36-4AC8-AD1E-8BD18DD9324D"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4049867A-E3B2-4DC1-8966-0477E6A5D582"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2507858-675B-4DA2-A49E-00DB54700CF3"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A25EA55-3F1C-440C-A383-0BB9556C9508"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2665356-4EF5-4543-AD15-67FDB851DCCD"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26E7609B-B058-496D-ACDD-7F69FBDE89E5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
}
],
"operator": "OR"
}
]
}
]