CVE-2019-18660: Infoleak
First published: Wed Nov 27 2019(Updated: )
A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. The flushing of these structures helps to prevent SpectreRSB like attacks which may leak information from one user process to another. An unprivileged user could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attacks.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.31.1.el6 | 0:2.6.32-754.31.1.el6 |
| redhat/kernel-alt | <0:4.14.0-115.17.1.el7a | 0:4.14.0-115.17.1.el7a |
| redhat/kernel | <0:3.10.0-1127.el7 | 0:3.10.0-1127.el7 |
| redhat/kernel | <0:3.10.0-957.56.1.el7 | 0:3.10.0-957.56.1.el7 |
| redhat/kernel | <0:3.10.0-1062.21.1.el7 | 0:3.10.0-1062.21.1.el7 |
| redhat/kernel | <0:4.18.0-147.8.1.el8_1 | 0:4.18.0-147.8.1.el8_1 |
| redhat/kernel | <0:4.18.0-80.23.2.el8_0 | 0:4.18.0-80.23.2.el8_0 |
| Linux Linux kernel | <5.4.1 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| openSUSE Leap | =15.1 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| IBM Data Risk Manager | <=2.0.6 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.5-1 6.11.7-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-18660 https://nvd.nist.gov/vuln/detail/CVE-2019-18660
- https://bugzilla.redhat.com/show_bug.cgi?id=1777825
- https://access.redhat.com/errata/RHSA-2020:2933
- https://access.redhat.com/errata/RHSA-2020:0174
- https://access.redhat.com/errata/RHSA-2020:1016
- https://access.redhat.com/errata/RHSA-2020:2851
- https://access.redhat.com/errata/RHSA-2020:1984
- https://access.redhat.com/errata/RHSA-2020:1372
- https://access.redhat.com/errata/RHSA-2020:2429
- https://access.redhat.com/security/cve/cve-2019-18660
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html
- http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.openwall.com/lists/oss-security/2019/11/27/1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
- https://seclists.org/bugtraq/2020/Jan/10
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://usn.ubuntu.com/4225-1/
- https://usn.ubuntu.com/4225-2/
- https://usn.ubuntu.com/4226-1/
- https://usn.ubuntu.com/4227-1/
- https://usn.ubuntu.com/4227-2/
- https://usn.ubuntu.com/4228-1/
- https://usn.ubuntu.com/4228-2/
- https://www.openwall.com/lists/oss-security/2019/11/27/1
- https://launchpad.net/bugs/cve/CVE-2019-18660
- https://git.kernel.org/linus/39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad
- https://git.kernel.org/linus/af2e8c68b9c5403f77096969c516f742f5bb29e0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1777826
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/172297
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
- https://nvd.nist.gov/vuln/detail/CVE-2019-18660
- https://security-tracker.debian.org/tracker/CVE-2019-18660
- https://ubuntu.com/security/CVE-2019-18660
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-18660
- agent/author
- agent/severity
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/remedy
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- version/canonical ubuntu linux/19.10
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6
- package-manager/debian