PT-2019-2822 · Linux+5 · Linux Kernel+5

Published

2019-05-10

·

Updated

2023-03-01

·

CVE-2019-11833

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.1.2
Description The issue is related to the fs/ext4/extents.c file in the Linux kernel, which does not properly clear unused memory regions in the extent tree block. This might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. The vulnerability is associated with a lack of protection for internal data, which could be exploited to reveal protected information.
Recommendations For Linux kernel versions through 5.1.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use of Uninitialized Resource

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908CWE-200

Related Identifiers

ALT-PU-2019-1886
ALT-PU-2019-1887
ALT-PU-2019-1889
ALT-PU-2019-1892
ALT-PU-2019-1893
ALT-PU-2019-1896
ALT-PU-2019-2061
ALT-PU-2019-2063
ALT-PU-2019-2064
ALT-PU-2019-2077
ALT-PU-2019-2120
ALT-PU-2019-2213
ALT-PU-2019-2234
ALT-PU-2019-2311
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-02780
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-11833
DLA-1823-1
DLA-1824-1
DSA-4465-1
MGASA-2019-0185
MGASA-2019-0196
MGASA-2019-0197
OPENSUSE-SU-2019:1479-1
OPENSUSE-SU-2019:1579-1
OPENSUSE-SU-2019_1479-1
OPENSUSE-SU-2019_1570-1
OPENSUSE-SU-2019_1579-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1533-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1692-1
SUSE-SU-2019:2430-1
USN-4068-1
USN-4068-2
USN-4069-1
USN-4069-2
USN-4076-1
USN-4095-2
USN-4118-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu