CVE-2019-15902: Infoleak
First published: Wed Sep 04 2019(Updated: )
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=4.4<=4.4.190 | |
| Linux Linux kernel | >=4.9<=4.9.190 | |
| Linux Linux kernel | >=4.14<=4.14.141 | |
| Linux Linux kernel | >=4.19<=4.19.69 | |
| Linux Linux kernel | >=5.2<=5.2.11 | |
| Netapp Active Iq Performance Analytics Services | ||
| NetApp Service Processor | ||
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Netapp Baseboard Management Controller Firmware | ||
| Netapp Baseboard Management Controller | ||
| All of | ||
| Netapp Baseboard Management Controller Firmware | ||
| Netapp Baseboard Management Controller | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- https://seclists.org/bugtraq/2019/Sep/41
- https://security.netapp.com/advisory/ntap-20191004-0001/
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://www.debian.org/security/2019/dsa-4531
- https://launchpad.net/bugs/cve/CVE-2019-15902
- https://security-tracker.debian.org/tracker/CVE-2019-15902
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15902
- https://nvd.nist.gov/vuln/detail/CVE-2019-15902
- https://ubuntu.com/security/CVE-2019-15902
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.4
- version/linux linux kernel/4.4.190
- version/linux linux kernel/4.9
- version/linux linux kernel/4.9.190
- version/linux linux kernel/4.14
- version/linux linux kernel/4.14.141
- version/linux linux kernel/4.19
- version/linux linux kernel/4.19.69
- version/linux linux kernel/5.2
- version/linux linux kernel/5.2.11
- vendor/netapp
- canonical/netapp active iq performance analytics services
- canonical/netapp service processor
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- canonical/netapp baseboard management controller firmware
- canonical/netapp baseboard management controller
- package-manager/debian