← Back

CVE-2019-15902

nvd nist
Published: Sep 4, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.6
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.1 / Impact: 4.0
Source: NVD

Description

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Affected (13)

Show all products
Linux: Linux Kernel · Debian: Debian Linux · Netapp: Active Iq Performance Analytics Services, Service Processor, Baseboard Management Controller Firmware · Opensuse: Leap
Linux
1 product
Linux Kernel
Debian
1 product
Debian Linux
Netapp
3 products
Active Iq Performance Analytics Services
Service Processor
Baseboard Management Controller Firmware
Opensuse
1 product
Leap
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.14 to 4.14.141
Linux Kernel
From 4.19 to 4.19.69
Linux Kernel
From 4.4 to 4.4.190
Linux Kernel
From 4.9 to 4.9.190
Linux Kernel
From 5.2 to 5.2.11
Configuration B
7 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Active Iq Performance Analytics Services
All versions
Service Processor
All versions
Opensuse
Leap
Version 15.0
Leap
Version 15.1
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Baseboard Management Controller Firmware
All versions
Running on/withPlatform Versions
Netapp
Baseboard Management Controller
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.