A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | Third Party Advisory |
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html | Third Party Advisory |
https://seclists.org/bugtraq/2019/Sep/41 | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20191004-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4157-1/ | |
https://usn.ubuntu.com/4157-2/ | |
https://usn.ubuntu.com/4162-1/ | |
https://usn.ubuntu.com/4162-2/ | |
https://usn.ubuntu.com/4163-1/ | |
https://usn.ubuntu.com/4163-2/ | |
https://www.debian.org/security/2019/dsa-4531 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
History
No history.
Information
Published : 2019-09-04 06:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-15902
Mitre link : CVE-2019-15902
CVE.ORG link : CVE-2019-15902
JSON object : View
Products Affected
opensuse
- leap
linux
- linux_kernel
netapp
- baseboard_management_controller
- service_processor
- baseboard_management_controller_firmware
- active_iq_performance_analytics_services
debian
- debian_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor