CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Published: May 15, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11833
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-908

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	5.1.2.x
fedoraproject / fedora	29	29.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	16.04	16.04.x
redhat / enterprise_linux_desktop	7.0	7.0.x
redhat / enterprise_linux_workstation	7.0	7.0.x
redhat / enterprise_linux_server	7.0	7.0.x
redhat / enterprise_linux_for_real_time	7	7.x
redhat / enterprise_linux_for_real_time_for_nfv	7	7.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_eus	8.1	8.1.x
redhat / enterprise_linux_eus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.2	8.2.x
redhat / enterprise_linux_server_aus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.4	8.4.x
redhat / enterprise_linux_eus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.2	8.2.x
redhat / enterprise_linux_for_real_time_tus	8.4	8.4.x
redhat / enterprise_linux_for_real_time_tus	8.2	8.2.x
redhat / enterprise_linux_server_aus	8.4	8.4.x
redhat / enterprise_linux_for_real_time	8.0	8.0.x
redhat / enterprise_linux_for_real_time_for_nfv	8.0	8.0.x
redhat / enterprise_linux_server_aus	8.6	8.6.x
redhat / enterprise_linux_server_tus	8.6	8.6.x
redhat / enterprise_linux_eus	8.6	8.6.x
redhat / enterprise_linux_for_real_time_for_nfv_tus	8.6	8.6.x
redhat / enterprise_linux_for_real_time_tus	8.6	8.6.x

Vulnerability Database

289,599

CVE-2019-11833