PT-2009-1150 · Linux+1 · Linux Kernel+1

Eugene Teo · Published 2009-10-19 · Updated 2017-10-11 · CVE-2005-4881

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.4.x before 2.4.37.6
Linux kernel versions 2.6.x before 2.6.13-rc1

Description

The netlink subsystem in the Linux kernel does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. This issue is related to several functions, including tc_fill_qdisc, tcf_fill_node, neightbl_fill_info, neightbl_fill_param_info, neigh_fill_info, rtnetlink_fill_ifinfo, rtnetlink_fill_iwinfo, vif_delete, ipmr_destroy_unres, ipmr_cache_alloc_unres, ipmr_cache_resolve, inet6_fill_ifinfo, tca_get_fill, tca_action_flush, tcf_add_notify, tc_dump_action, cbq_dump_police, __nlmsg_put, __rta_fill, __rta_reserve, inet6_fill_prefix, rsvp_dump, and cbq_dump_ovl.

Recommendations

For Linux kernel versions 2.4.x before 2.4.37.6, update to version 2.4.37.6 or later.
For Linux kernel versions 2.6.x before 2.6.13-rc1, update to version 2.6.13-rc1 or later.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2005-4881
RHSA-2009:1522
RHSA-2009_1522

Affected Products

Linux Kernel
Red Hat