ubuntucve | Ubuntu.com | UB:CVE-2019-19039
History: Nov 21, 2019 - 12:00 a.m.

CVE-2019-19039


CVSS3: 5.5 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS2: 1.9 Low

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 28.5%

DISPUTED: __btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux
kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case,
which allows local users to obtain potentially sensitive information about
register values via the dmesg program. NOTE: The BTRFS development team
disputes this issue as not being a vulnerability because “1) The kernel
provides facilities to restrict access to dmesg - dmesg_restrict=1 sysctl
option. So it’s really up to the system administrator to judge whether
dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used
macros in the Linux kernel. If this CVE is considered valid this would mean
there are literally thousands of CVEs lurking in the kernel - something which
clearly is not the case.”

Notes

tyhicks: Exploiting this vulnerability requires a crafted filesystem image to be mounted