Oval Definition:oval:com.ubuntu.cosmic:def:2019118330000000
Revision Date:2019-05-15Version:1
Title:CVE-2019-11833 on Ubuntu 18.10 (cosmic) - medium.
Description:fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11833
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • linux package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-aws package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1021.25').
  • OR linux-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-kvm package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1017.18').
  • OR linux-meta package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-meta-aws package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1021.25').
  • OR linux-meta-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-meta-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-meta-kvm package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1017.18').
  • OR linux-meta-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-meta-raspi2 package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1019.22').
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-oracle package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1018.20').
  • OR linux-raspi2 package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1019.22').
  • OR linux-signed package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-signed-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-signed-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-signed-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • BACK