CVE-2019-15902: Infoleak
First published: Wed Sep 04 2019(Updated: )
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | >=4.4<=4.4.190 | |
| Linux Kernel | >=4.9<=4.9.190 | |
| Linux Kernel | >=4.14<=4.14.141 | |
| Linux Kernel | >=4.19<=4.19.69 | |
| Linux Kernel | >=5.2<=5.2.11 | |
| NetApp Active IQ | ||
| NetApp Service Processor | ||
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 | |
| Debian GNU/Linux | =10.0 | |
| openSUSE | =15.0 | |
| openSUSE | =15.1 | |
| All of | ||
| NetApp FAS/AFF Baseboard Management Controller | ||
| NetApp FAS/AFF Baseboard Management Controller | ||
| NetApp FAS/AFF Baseboard Management Controller | ||
| NetApp FAS/AFF Baseboard Management Controller | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- https://seclists.org/bugtraq/2019/Sep/41
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://www.debian.org/security/2019/dsa-4531
- https://launchpad.net/bugs/cve/CVE-2019-15902
- https://security-tracker.debian.org/tracker/CVE-2019-15902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15902
- https://nvd.nist.gov/vuln/detail/CVE-2019-15902
- https://ubuntu.com/security/CVE-2019-15902
Frequently Asked Questions
What is the severity of CVE-2019-15902?
CVE-2019-15902 is classified with a high severity due to its potential for exploitation in Linux kernel versions.
How do I fix CVE-2019-15902?
To fix CVE-2019-15902, upgrade the Linux kernel to a version that is 5.10.223-1 or newer.
Which versions of the Linux kernel are affected by CVE-2019-15902?
CVE-2019-15902 affects Linux kernel versions 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11.
Who is impacted by CVE-2019-15902?
Users of Linux distributions with the vulnerable kernel versions are impacted by CVE-2019-15902.
What kind of vulnerability is CVE-2019-15902?
CVE-2019-15902 is a backporting error that leads to a security issue in the Linux kernel related to Spectre v1.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.4
- version/linux kernel/4.4.190
- version/linux kernel/4.9
- version/linux kernel/4.9.190
- version/linux kernel/4.14
- version/linux kernel/4.14.141
- version/linux kernel/4.19
- version/linux kernel/4.19.69
- version/linux kernel/5.2
- version/linux kernel/5.2.11
- vendor/netapp
- canonical/netapp active iq
- canonical/netapp service processor
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0
- version/debian gnu/linux/10.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.0
- version/opensuse/15.1
- canonical/netapp fas/aff baseboard management controller