CVE-2019-19039

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19039
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19039.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19039
Related
Withdrawn
2020-12-10T23:06:20Z
Published
2019-11-21T02:15:23Z
Modified
2024-09-18T01:00:20Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

_btrfsfreeextent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfsprintleaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesgrestrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.7-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}