CVE-2019-11833

CWE-908 — Use of Uninitialized Resource CWE-456 CWE-200 — Information Exposure18 documents10 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 93.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Debian Debian Linux +12 more

Timeline

PublishedMay 15

Latest updateMay 24

Description

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel5.1.2

▶Debianlinux< 4.19.37-4+3

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

▶NVDredhat/enterprise_linux_workstation7.0

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6, 7, Fedora 29

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9ph4-cmpw-4gmf: fs/ext4/extents↗2022-05-24

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2 vulnerabilities↗2019-07-25

▶

OSV

CVE-2019-11833: fs/ext4/extents↗2019-05-15

▶

CVEList

CVE-2019-11833: fs/ext4/extents↗2019-05-15

▶

Kernel

ext4: zero out the unused memory region in the extent tree block↗2019-05-10

▶

📋Vendor Advisories

Android

CVE-2019-11833: ext4 filesystem↗2019-11-01

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2019-09-02

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2019-08-13

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2019-08-01

▶

Ubuntu

Linux kernel vulnerabilities↗2019-07-25

▶

💬Community

Bugzilla

CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure [fedora-all]↗2019-05-20

▶

Bugzilla

CVE-2019-11833 kernel: fs/ext4/extents.c leads to information disclosure↗2019-05-20

▶