CVE-2011-0463

Name: CVE-2011-0463
Creator: NVD / NIST
Published: 2011-04-10T02:51:19.307+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.52%

Last modified Jun 16, 2026

CVE-2011-0463 is a vulnerability of currently unknown severity. The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.. EPSS estimates a 0.52% chance of exploitation in the next 30 days.

Description

The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file.

Metrics

EPSS Probability

0.52%

40.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.38.2
Canonical	Ubuntu Linux	8.04

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0
http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.htmlExploit, Patch, Third Party Advisory
http://secunia.com/advisories/43966Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1Release Notes, Vendor Advisory
http://www.ubuntu.com/usn/USN-1146-1Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=673037Exploit, Issue Tracking, Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=272b62c1f0f6f742046e45b50b6fec98860208a0
http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.htmlExploit, Patch, Third Party Advisory
http://secunia.com/advisories/43966Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1Release Notes, Vendor Advisory
http://www.ubuntu.com/usn/USN-1146-1Third Party Advisory
https://bugzilla.novell.com/show_bug.cgi?id=673037Exploit, Issue Tracking, Third Party Advisory

Timeline

Published: Apr 10, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-0463?

How severe is CVE-2011-0463?

Severity scoring for CVE-2011-0463 is pending analysis. The EPSS model estimates a 0.52% probability of exploitation in the next 30 days.

How do I fix CVE-2011-0463?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-0463?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST