cbcvebase.
CVE-2009-3001
published 2009-08-28

Priority: P420 medium, 4.9 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 1.02% (59.0th percentile)
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
linux | linux_kernel | < 2.6.31 | 2.6.31
linux | linux_kernel | |

CVSS provenance

nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N
vendor_redhat | 4.9 | MEDIUM
vendor_ubuntu | 4.4 | MEDIUM