Lucene search

K

[email protected]NVD:CVE-2019-15902

HistorySep 04, 2019 - 6:15 a.m.

CVE-2019-15902

2019-09-0406:15:10

CWE-200

[email protected]

web.nvd.nist.gov

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream “x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()” commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Affected configurations

NVD

Node

linuxlinux_kernelRange4.4–4.4.190

OR

linuxlinux_kernelRange4.9–4.9.190

OR

linuxlinux_kernelRange4.14–4.14.141

OR

linuxlinux_kernelRange4.19–4.19.69

OR

linuxlinux_kernelRange5.2–5.2.11

Node

netappactive_iq_performance_analytics_servicesMatch-

OR

netappservice_processorMatch-

OR

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

OR

debiandebian_linuxMatch10.0

OR

opensuseleapMatch15.0

OR

opensuseleapMatch15.1

Node

netappbaseboard_management_controller_firmwareMatch-

AND

netappbaseboard_management_controllerMatch-

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

lists.debian.org/debian-lts-announce/2019/10/msg00000.html

seclists.org/bugtraq/2019/Sep/41

security.netapp.com/advisory/ntap-20191004-0001/

usn.ubuntu.com/4157-1/

usn.ubuntu.com/4157-2/

usn.ubuntu.com/4162-1/

usn.ubuntu.com/4162-2/

usn.ubuntu.com/4163-1/

usn.ubuntu.com/4163-2/

www.debian.org/security/2019/dsa-4531

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

Related for NVD:CVE-2019-15902

osv3 ubuntucve1 cvelist1 cve1 openvas21 redhatcve1 debiancve1 prion1 nessus20 amazon1 debian3 photon6 ubuntu6 cloudfoundry1 ibm2 suse2