CVE-2019-11833
Published: 15 May 2019
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
From the Ubuntu security team
It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Priority
Medium
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-9.12)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-55.60)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-157.185)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Ignored
(was needs-triage ESM criteria)
|
|
|
Patches: Introduced by a86c61812637c7dd0c57e29880cffd477b62f2e7 Fixed by 592acbf16821288ecdc4192c47e3774a4c48bb64 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1047.49)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1090.101)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-1054.58)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1047.49~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.18.0-1025.27~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1051.56)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.18.0-1025.27~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1051.56)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1002.2)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1037.39)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1037.39~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1037.39)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1037.39)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-23.24~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-55.60~16.04.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was pending \[5.3.0-19.20~18.04.2\] now end-of-life)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-55.60~16.04.2)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1003.3)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1039.39)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1052.59)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Ignored
(was needs-triage ESM criteria)
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-164.192~14.04.1)
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(abandoned)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1050.57)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1002.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.0.0-1015.16)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1003.3)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1018.20)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.15.0-1018.20~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1041.44)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1117.126)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1058.64)
|
|
| Ubuntu 16.04 LTS (Xenial Xerus) |
Released
(4.4.0-1121.127)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
| Ubuntu 12.04 ESM (Precise Pangolin) |
Does not exist
|
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833
- https://github.com/torvalds/linux/commit/592acbf16821288ecdc4192c47e3774a4c48bb64
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=592acbf16821288ecdc4192c47e3774a4c48bb64
- https://usn.ubuntu.com/usn/usn-4068-1
- https://usn.ubuntu.com/usn/usn-4068-2
- https://usn.ubuntu.com/usn/usn-4069-1
- https://usn.ubuntu.com/usn/usn-4076-1
- https://usn.ubuntu.com/usn/usn-4069-2
- https://usn.ubuntu.com/usn/usn-4095-2
- https://usn.ubuntu.com/usn/usn-4118-1
- NVD
- Launchpad
- Debian