Vulnerability Details : CVE-2019-11833
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
Products affected by CVE-2019-11833
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-11833
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 18 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-11833
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-11833
-
The product uses or accesses a resource that has not been initialized.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-11833
-
https://usn.ubuntu.com/4118-1/
USN-4118-1: Linux kernel (AWS) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
[security-announce] openSUSE-SU-2019:1570-1: important: Security updateBroken Link
-
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
[SECURITY] [DLA 1824-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2019:3517 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://seclists.org/bugtraq/2019/Jun/26
Bugtraq: [SECURITY] [DSA 4465-1] linux security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2019/dsa-4465
Debian -- Security Information -- DSA-4465-1 linuxThird Party Advisory
-
https://usn.ubuntu.com/4068-2/
USN-4068-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
ext4: zero out the unused memory region in the extent tree block · torvalds/linux@592acbf · GitHubPatch;Third Party Advisory
-
http://www.securityfocus.com/bid/108372
Linux Kernel CVE-2019-11833 Local Information Disclosure VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
[SECURITY] [DLA 1823-1] linux security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4068-1/
USN-4068-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
[security-announce] openSUSE-SU-2019:1479-1: important: Security updateBroken Link
-
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
[security-announce] openSUSE-SU-2019:1579-1: important: Security updateBroken Link
-
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
Kernel Live Patch Security Notice LSN-0058-1 ≈ Packet StormThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2019:2029
RHSA-2019:2029 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/
[SECURITY] Fedora 29 Update: kernel-headers-5.0.19-200.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4076-1/
USN-4076-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/4069-2/
USN-4069-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3309 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2043
RHSA-2019:2043 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/4095-2/
USN-4095-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/4069-1/
USN-4069-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to