CVE-2019-15902

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html

https://seclists.org/bugtraq/2019/Sep/41

https://security.netapp.com/advisory/ntap-20191004-0001/

https://usn.ubuntu.com/4157-1/

https://usn.ubuntu.com/4157-2/

https://usn.ubuntu.com/4162-1/

https://usn.ubuntu.com/4162-2/

https://usn.ubuntu.com/4163-1/

https://usn.ubuntu.com/4163-2/

https://www.debian.org/security/2019/dsa-4531

Details

Source: MITRE

Published: 2019-09-04

Updated: 2019-10-17

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 5.6

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Impact Score: 4

Exploitability Score: 1.1

Severity: MEDIUM

Tenable Plugins

View all (20 total)

IDNameProductFamilySeverity
150533SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14218-1)NessusSuSE Local Security Checks
critical
131120SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)NessusSuSE Local Security Checks
critical
130950SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)NessusSuSE Local Security Checks
critical
130949SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)NessusSuSE Local Security Checks
critical
130163SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2738-1)NessusSuSE Local Security Checks
critical
130152Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)NessusUbuntu Local Security Checks
critical
130151Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4162-1)NessusUbuntu Local Security Checks
critical
130147Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4157-2)NessusUbuntu Local Security Checks
critical
130003Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4157-1)NessusUbuntu Local Security Checks
critical
129845SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)NessusSuSE Local Security Checks
critical
129505Debian DLA-1940-1 : linux-4.9 security updateNessusDebian Local Security Checks
high
129345openSUSE Security Update : the Linux Kernel (openSUSE-2019-2181)NessusSuSE Local Security Checks
critical
129339openSUSE Security Update : the Linux Kernel (openSUSE-2019-2173)NessusSuSE Local Security Checks
critical
129306Debian DSA-4531-1 : linux - security updateNessusDebian Local Security Checks
high
129293Photon OS 1.0: Linux PHSA-2019-1.0-0251NessusPhotonOS Local Security Checks
high
129163Photon OS 3.0: Linux PHSA-2019-3.0-0030NessusPhotonOS Local Security Checks
medium
129157SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)NessusSuSE Local Security Checks
critical
129156SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)NessusSuSE Local Security Checks
critical
129154SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)NessusSuSE Local Security Checks
critical
129008Amazon Linux AMI : kernel (ALAS-2019-1281)NessusAmazon Linux Local Security Checks
medium