Vulnerability CVE-2019-11833: Information

Description

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Published: May 15, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-908

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| kernel-image-mp | sisyphus | 5.1.4-alt1 | 6.8.8-alt1 | ALT-PU-2019-1893-1 | 229843 | Fixed |
| kernel-image-mp | p10 | 5.1.4-alt1 | 6.1.19-alt1 | ALT-PU-2019-1893-1 | 229843 | Fixed |
| kernel-image-mp | p9 | 5.1.4-alt1 | 5.12.16-alt1 | ALT-PU-2019-1896-1 | 229885 | Fixed |
| kernel-image-mp | c9f2 | 5.1.4-alt1 | 5.7.16-alt1 | ALT-PU-2019-1896-1 | 229885 | Fixed |
| kernel-image-rpi-def | sisyphus | 5.4.51-alt1 | 5.15.92-alt2 | ALT-PU-2020-2410-1 | 254998 | Fixed |
| kernel-image-rpi-def | p10 | 5.4.51-alt1 | 5.15.92-alt2 | ALT-PU-2020-2410-1 | 254998 | Fixed |
| kernel-image-rpi-def | p9 | 5.4.51-alt2 | 5.10.81-alt1 | ALT-PU-2020-2433-1 | 255241 | Fixed |
| kernel-image-rpi-def | c9f2 | 5.4.51-alt2 | 5.4.61-alt1 | ALT-PU-2020-2433-1 | 255241 | Fixed |
| kernel-image-rt | sisyphus | 5.10.35-alt1.rt39 | 6.1.90-alt2.rt30 | ALT-PU-2021-1870-1 | 272532 | Fixed |
| kernel-image-rt | p10 | 5.10.35-alt1.rt39 | 5.10.216-alt1.rt108 | ALT-PU-2021-1870-1 | 272532 | Fixed |
| kernel-image-std-debug | sisyphus | 4.19.45-alt1 | 6.1.91-alt1 | ALT-PU-2019-1886-1 | 229810 | Fixed |
| kernel-image-std-debug | c9f2 | 4.19.49-alt1 | 4.19.102-alt1 | ALT-PU-2019-2061-1 | 231770 | Fixed |
| kernel-image-std-def | sisyphus | 4.19.45-alt1 | 6.1.91-alt1 | ALT-PU-2019-1889-1 | 229814 | Fixed |
| kernel-image-std-def | p10 | 4.19.45-alt1 | 5.10.216-alt1 | ALT-PU-2019-1889-1 | 229814 | Fixed |
| kernel-image-std-def | p9 | 4.19.49-alt1 | 5.4.275-alt1 | ALT-PU-2019-2063-1 | 231772 | Fixed |
| kernel-image-std-def | p8 | 4.9.178-alt0.M80P.1 | 4.9.337-alt0.M80P.1 | ALT-PU-2019-1911-1 | 229830 | Fixed |
| kernel-image-std-def | c9f2 | 4.19.49-alt1 | 5.10.214-alt0.c9f.2 | ALT-PU-2019-2063-1 | 231772 | Fixed |
| kernel-image-std-def | c7 | 4.4.183-alt0.M70C.1 | 4.4.277-alt0.M70C.1 | ALT-PU-2019-2175-1 | 233233 | Fixed |
| kernel-image-std-pae | c9f2 | 4.19.49-alt1 | 4.19.72-alt1 | ALT-PU-2019-2064-1 | 231774 | Fixed |
| kernel-image-tegra | p9 | 4.9.140-alt2 | 4.9.140-alt2 | ALT-PU-2019-2234-1 | 234165 | Fixed |
| kernel-image-tegra | c9f2 | 4.9.140-alt2 | 4.9.140-alt2 | ALT-PU-2019-2234-1 | 234165 | Fixed |
| kernel-image-un-def | sisyphus | 5.0.18-alt1 | 6.6.31-alt1 | ALT-PU-2019-1892-1 | 229821 | Fixed |
| kernel-image-un-def | p10 | 5.0.18-alt1 | 6.1.90-alt1 | ALT-PU-2019-1892-1 | 229821 | Fixed |
| kernel-image-un-def | p9 | 5.0.21-alt2 | 5.10.216-alt2 | ALT-PU-2019-2077-1 | 232427 | Fixed |
| kernel-image-un-def | c10f1 | 5.0.18-alt1 | 6.1.85-alt0.c10f.1 | ALT-PU-2019-1892-1 | 229821 | Fixed |
| kernel-image-un-def | c9f2 | 5.0.21-alt2 | 5.10.29-alt2 | ALT-PU-2019-2077-1 | 232427 | Fixed |
| kernel-image-un-def | c7 | 4.9.277-alt0.M70C.1 | 4.9.277-alt0.M70C.1 | ALT-PU-2021-3032-1 | 281292 | Fixed |
| usbip | sisyphus | 5.10-alt1 | 5.10-alt1 | ALT-PU-2023-1798-1 | 320453 | Fixed |
| usbip | sisyphus_e2k | 5.10-alt1 | 5.10-alt1 | ALT-PU-2023-7452-1 | - | Fixed |
| usbip | p10 | 5.10-alt1 | 5.10-alt1 | ALT-PU-2023-1903-1 | 320461 | Fixed |
| usbip | p10_e2k | 5.10-alt1 | 5.10-alt1 | ALT-PU-2023-7498-1 | - | Fixed |

References to Advisories, Solutions, and Tools

| Hyperlink | Resource |
|---|---|
| https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64 | Patch, Third Party Advisory |
| 108372 | Broken Link, Third Party Advisory, VDB Entry |
| openSUSE-SU-2019:1479 | Broken Link |
| DSA-4465 | Third Party Advisory |
| [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update | Mailing List, Third Party Advisory |
| [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update | Mailing List, Third Party Advisory |
| openSUSE-SU-2019:1570 | Broken Link |
| 20190618 [SECURITY] [DSA 4465-1] linux security update | Mailing List, Third Party Advisory |
| openSUSE-SU-2019:1579 | Broken Link |
| USN-4068-1 | Third Party Advisory |
| USN-4068-2 | Third Party Advisory |
| USN-4069-1 | Third Party Advisory |
| USN-4076-1 | Third Party Advisory |
| USN-4069-2 | Third Party Advisory |
| RHSA-2019:2043 | Third Party Advisory |
| RHSA-2019:2029 | Third Party Advisory |
| USN-4095-2 | Third Party Advisory |
| USN-4118-1 | Third Party Advisory |
| http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html | Third Party Advisory, VDB Entry |
| RHSA-2019:3517 | Third Party Advisory |
| RHSA-2019:3309 | Third Party Advisory |
| FEDORA-2019-48b34fc991 | |
        Configuration 1

        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (End including: 5.1.2)

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

        Configuration 4

        cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

        cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

        Configuration 5

        cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*

        cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*