CVE-2005-0400
Description
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
Root cause
"Uninitialized memory in ext2_make_empty() when creating a block for a new directory entry."
Attack vector
A local user can exploit this by creating a new directory on an ext2 filesystem. When `ext2_make_empty()` allocates a block for the new directory entry, uninitialized kernel memory (which may contain sensitive data from prior use) is written to disk without being zeroed out [ref_id=1]. The attacker can then read the raw block from the disk to recover the leaked information.
Affected code
The vulnerability resides in the `ext2_make_empty()` function in the ext2 filesystem code. This function creates a block for a new directory entry but does not initialize the memory before writing it to disk [ref_id=1].
What the fix does
The patch provided is the Linux 2.6.12 version bump and does not show the actual code fix for this vulnerability. According to the reference write-up [ref_id=1], the proposed fix involves properly initializing the memory in the `ext2_make_empty()` function before writing the block to disk, ensuring that no uninitialized kernel memory is exposed. The advisory notes that a patch was included in Linux 2.6.11.6 to address this issue.
Preconditions
- authAttacker must have local access to the system and be able to create directories on an ext2 filesystem.
- inputAttacker must be able to read raw block data from the disk (e.g., via debugfs or direct block device access).
Generated on May 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
16- arkoon.net/advisories/ext2-make-empty-leak.txtnvdVendor Advisory
- kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6nvd
- marc.infonvd
- secunia.com/advisories/14713/nvd
- secunia.com/advisories/17002nvd
- secunia.com/advisories/18684nvd
- www.redhat.com/support/errata/RHSA-2005-366.htmlnvd
- www.redhat.com/support/errata/RHSA-2005-663.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0190.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0191.htmlnvd
- www.securityfocus.com/bid/12932nvd
- www.vupen.com/english/advisories/2005/1878nvd
- bugzilla.redhat.com/bugzilla/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/19866nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10336nvd
- usn.ubuntu.com/103-1/nvd
News mentions
0No linked articles in our index yet.