CVE-2019-11833

medium

Description

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

References

https://www.debian.org/security/2019/dsa-4465

https://usn.ubuntu.com/4118-1/

https://usn.ubuntu.com/4095-2/

https://usn.ubuntu.com/4076-1/

https://usn.ubuntu.com/4069-2/

https://usn.ubuntu.com/4069-1/

https://usn.ubuntu.com/4068-2/

https://usn.ubuntu.com/4068-1/

https://seclists.org/bugtraq/2019/Jun/26

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2029

http://www.securityfocus.com/bid/108372

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Details

Source: Mitre, NVD

Published: 2019-05-15

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics