CVE-2019-18660

medium

Description

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

http://www.openwall.com/lists/oss-security/2019/11/27/1

https://access.redhat.com/errata/RHSA-2020:0174

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad

https://lists.fedoraproject.org/archives/list/[email protected]/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/

https://seclists.org/bugtraq/2020/Jan/10

https://security.netapp.com/advisory/ntap-20200103-0001/

https://usn.ubuntu.com/4225-1/

https://usn.ubuntu.com/4225-2/

https://usn.ubuntu.com/4226-1/

https://usn.ubuntu.com/4227-1/

https://usn.ubuntu.com/4227-2/

https://usn.ubuntu.com/4228-1/

https://usn.ubuntu.com/4228-2/

https://www.openwall.com/lists/oss-security/2019/11/27/1

Details

Source: MITRE

Published: 2019-11-27

Updated: 2020-01-28

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
150557 | SUSE SLES11 Security Update : kernel (SUSE-SU-2020:14354-1) | Nessus | SuSE Local Security Checks | critical
145985 | CentOS 8 : kernel (CESA-2020:1372) | Nessus | CentOS Local Security Checks | medium
139381 | RHEL 8 : kernel (RHSA-2020:1372) | Nessus | Red Hat Local Security Checks | medium
138659 | Oracle Linux 6 : kernel (ELSA-2020-2933) | Nessus | Oracle Linux Local Security Checks | medium
138538 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20200715) | Nessus | Scientific Linux Local Security Checks | medium
138502 | RHEL 6 : kernel (RHSA-2020:2933) | Nessus | Red Hat Local Security Checks | medium
138171 | RHEL 7 : kernel (RHSA-2020:2851) | Nessus | Red Hat Local Security Checks | high
137275 | RHEL 8 : kernel (RHSA-2020:2429) | Nessus | Red Hat Local Security Checks | high
136661 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1255-1) | Nessus | SuSE Local Security Checks | critical
136188 | RHEL 7 : kernel (RHSA-2020:1984) | Nessus | Red Hat Local Security Checks | medium
135813 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | high
135378 | Oracle Linux 8 : kernel (ELSA-2020-1372) | Nessus | Oracle Linux Local Security Checks | medium
135316 | CentOS 7 : kernel (CESA-2020:1016) | Nessus | CentOS Local Security Checks | high
135080 | RHEL 7 : kernel (RHSA-2020:1016) | Nessus | Red Hat Local Security Checks | high
134363 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:0613-1) | Nessus | SuSE Local Security Checks | critical
133913 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-1112) | Nessus | Huawei Local Security Checks | critical
133162 | RHEL 7 : kernel-alt (RHSA-2020:0174) | Nessus | Red Hat Local Security Checks | high
133142 | Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4225-2) | Nessus | Ubuntu Local Security Checks | critical
132925 | SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1) | Nessus | SuSE Local Security Checks | critical
132741 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-008-01) | Nessus | Slackware Local Security Checks | high
132692 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4228-1) | Nessus | Ubuntu Local Security Checks | critical
132691 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, (USN-4227-1) | Nessus | Ubuntu Local Security Checks | critical
132690 | Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1) | Nessus | Ubuntu Local Security Checks | critical
132689 | Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, (USN-4225-1) | Nessus | Ubuntu Local Security Checks | critical
132605 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012) | Nessus | Huawei Local Security Checks | critical
132394 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1) | Nessus | SuSE Local Security Checks | critical
132390 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3379-1) | Nessus | SuSE Local Security Checks | critical
132389 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:3371-1) | Nessus | SuSE Local Security Checks | critical
132237 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3317-1) | Nessus | SuSE Local Security Checks | critical
132236 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3316-1) | Nessus | SuSE Local Security Checks | critical
132032 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-2675) | Nessus | SuSE Local Security Checks | critical
131833 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1) | Nessus | SuSE Local Security Checks | high
131787 | Fedora 30 : kernel (2019-124a241044) | Nessus | Fedora Local Security Checks | medium
131742 | Fedora 31 : kernel (2019-b86a7bdba0) | Nessus | Fedora Local Security Checks | medium