← Voltar para CVEs

CVE-2019-15902

MEDIUM

5.6

Descricao

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Detalhes CVE

Pontuacao CVSS v3.15.6

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Vetor de ataqueLOCAL

ComplexidadeHIGH

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado9/4/2019

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

debian:debian_linuxlinux:linux_kernelnetapp:active_iq_performance_analytics_servicesnetapp:baseboard_management_controllernetapp:baseboard_management_controller_firmwarenetapp:service_processoropensuse:leap

Fraquezas (CWE)

CWE-200

Referencias

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html(cve@mitre.org)

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php(cve@mitre.org)

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html(cve@mitre.org)

https://seclists.org/bugtraq/2019/Sep/41(cve@mitre.org)

https://security.netapp.com/advisory/ntap-20191004-0001/(cve@mitre.org)

https://usn.ubuntu.com/4157-1/(cve@mitre.org)

https://usn.ubuntu.com/4157-2/(cve@mitre.org)

https://usn.ubuntu.com/4162-1/(cve@mitre.org)

https://usn.ubuntu.com/4162-2/(cve@mitre.org)

https://usn.ubuntu.com/4163-1/(cve@mitre.org)

https://usn.ubuntu.com/4163-2/(cve@mitre.org)

https://www.debian.org/security/2019/dsa-4531(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html(af854a3a-2127-422b-91ae-364da2661108)

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Sep/41(af854a3a-2127-422b-91ae-364da2661108)

https://security.netapp.com/advisory/ntap-20191004-0001/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4157-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4157-2/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4162-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4162-2/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4163-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4163-2/(af854a3a-2127-422b-91ae-364da2661108)

https://www.debian.org/security/2019/dsa-4531(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.