CVE-2019-11833

medium

Description

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/

https://seclists.org/bugtraq/2019/Jun/26

https://usn.ubuntu.com/4068-1/

https://usn.ubuntu.com/4068-2/

https://usn.ubuntu.com/4069-1/

https://usn.ubuntu.com/4069-2/

https://usn.ubuntu.com/4076-1/

https://usn.ubuntu.com/4095-2/

https://usn.ubuntu.com/4118-1/

https://www.debian.org/security/2019/dsa-4465

Details

Published: 2019-05-15

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

Detections

Analytics