← Zuruck zu CVEs

CVE-2019-15902

MEDIUM

5.6

Beschreibung

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

CVE Details

CVSS v3.1 Bewertung5.6

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AngriffsvektorLOCAL

KomplexitatHIGH

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht9/4/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

debian:debian_linuxlinux:linux_kernelnetapp:active_iq_performance_analytics_servicesnetapp:baseboard_management_controllernetapp:baseboard_management_controller_firmwarenetapp:service_processoropensuse:leap

Schwachen (CWE)

CWE-200

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html(cve@mitre.org)

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html(cve@mitre.org)

https://seclists.org/bugtraq/2019/Sep/41(cve@mitre.org)

https://security.netapp.com/advisory/ntap-20191004-0001/(cve@mitre.org)

https://usn.ubuntu.com/4157-1/(cve@mitre.org)

https://usn.ubuntu.com/4157-2/(cve@mitre.org)

https://usn.ubuntu.com/4162-1/(cve@mitre.org)

https://usn.ubuntu.com/4162-2/(cve@mitre.org)

https://usn.ubuntu.com/4163-1/(cve@mitre.org)

https://usn.ubuntu.com/4163-2/(cve@mitre.org)

https://www.debian.org/security/2019/dsa-4531(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html(af854a3a-2127-422b-91ae-364da2661108)

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Sep/41(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20191004-0001/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4157-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4157-2/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4162-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4162-2/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4163-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4163-2/(af854a3a-2127-422b-91ae-364da2661108)

https://www.debian.org/security/2019/dsa-4531(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.