fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
01 Mar 2023, 15:28
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4069-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4118-1/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4076-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2019/dsa-4465 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4068-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/108372 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html - Broken Link | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2043 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4068-1/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2029 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4095-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4069-2/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html - Broken Link | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jun/26 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html - Broken Link | |
CPE | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:* |
Information
Published : 2019-05-15 13:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-11833
Mitre link : CVE-2019-11833
CVE.ORG link : CVE-2019-11833
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux_for_real_time_tus
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_for_real_time
- enterprise_linux_for_real_time_for_nfv
- enterprise_linux_for_real_time_for_nfv_tus
- enterprise_linux_desktop
canonical
- ubuntu_linux
fedoraproject
- fedora
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-908
Use of Uninitialized Resource