CVE-2019-19039 — Log File Information Exposure in Linux
Severity
5.5MEDIUMNVD
OSV4.1
EPSS
0.4%
top 37.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 21
Latest updateMay 24
Description
__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages4 packages
Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04, 18.04
🔴Vulnerability Details
3OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2020-07-06