CVE-2011-0463

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
10/04/2011
Last modified:
11/04/2025

Description

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.38.2 (including)
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*