CVE-2019-11833

EPSS 0.03%
Published 15.05.2019 13:29:00
Last modified 21.11.2024 04:21:51
Source cve@mitre.org
Teams watchlist Login
Open Login

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Affected products Warnungen 0 Metrics 3 CWE 1 References 25

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 5.1.2

Fedoraproject ≫ Fedora Version29

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8.0

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8.0

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.6

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.6

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Broken Link

https://access.redhat.com/errata/RHSA-2019:3517

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2029

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2043

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Third Party Advisory

https://usn.ubuntu.com/4095-2/

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3309

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Jun/26

Third Party Advisory

Mailing List

https://www.debian.org/security/2019/dsa-4465

Third Party Advisory

https://usn.ubuntu.com/4069-1/

Third Party Advisory

https://usn.ubuntu.com/4069-2/

Third Party Advisory

https://usn.ubuntu.com/4076-1/

Third Party Advisory

https://usn.ubuntu.com/4068-1/

Third Party Advisory

https://usn.ubuntu.com/4068-2/

Third Party Advisory

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/108372

Third Party Advisory

Broken Link

VDB Entry

https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJGZIMGB72TL7OGWRMHIL43WHXFQWU4X/

https://nvd.nist.gov/vuln/detail/CVE-2019-11833

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11833

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11833

EUVD