__btrfs_free_extent in fs/btrfs/extent-tree.c in the Linux kernel through 5.3.12 calls btrfs_print_leaf in a certain ENOENT case, which allows local users to obtain potentially sensitive information about register values via the dmesg program. NOTE: The BTRFS development team disputes this issues as not being a vulnerability because “1) The kernel provide facilities to restrict access to dmesg - dmesg_restrict=1 sysctl option. So it's really up to the system administrator to judge whether dmesg access shall be disallowed or not. 2) WARN/WARN_ON are widely used macros in the linux kernel. If this CVE is considered valid this would mean there are literally thousands CVE lurking in the kernel - something which clearly is not the case.
References
Link | Resource |
---|---|
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19039 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/4414-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-21T01:40:53
Updated: 2020-12-10T23:06:20
Reserved: 2019-11-17T00:00:00
Link: CVE-2019-19039
JSON object: View
NVD Information
Status : Modified
Published: 2019-11-21T02:15:23.337
Modified: 2024-05-17T01:35:09.233
Link: CVE-2019-19039
JSON object: View
Redhat Information
No data.
CWE