1. Home
  2. Vulnerabilities
  3. CVE-2019-15902

CVE-2019-15902

CVSS v3.1 5.6 (Medium)
56% Progress
CVSS v2.0 4.7 (Medium)
47% Progress
EPSS 0.05 % (19th)
0.05% Progress
Affected Products 7
Advisories 21
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-09-04 06:15:10
(5 years ago)
Updated Date
2019-10-17 04:15:12
(4 years ago)

Affected Products

Debian

Linux

Netapp

Opensuse

Configuration #1

AND
    CPE23 From Up To
OR  
  Linux Kernel from 4.4 version and 4.4.190 and prior versions cpe:2.3:o:linux:linux_kernel >= 4.4 <= 4.4.190
OR  
  Running on/with
  Linux Kernel from 4.9 version and 4.9.190 and prior versions cpe:2.3:o:linux:linux_kernel >= 4.9 <= 4.9.190
OR  
  Running on/with
  Linux Kernel from 4.14 version and 4.14.141 and prior versions cpe:2.3:o:linux:linux_kernel >= 4.14 <= 4.14.141
OR  
  Running on/with
  Linux Kernel from 4.19 version and 4.19.69 and prior versions cpe:2.3:o:linux:linux_kernel >= 4.19 <= 4.19.69
OR  
  Running on/with
  Linux Kernel from 5.2 version and 5.2.11 and prior versions cpe:2.3:o:linux:linux_kernel >= 5.2 <= 5.2.11

Configuration #2

AND
    CPE23 From Up To
OR  
  Netapp Active Iq Performance Analytics Services cpe:2.3:a:netapp:active_iq_performance_analytics_services:-
OR  
  Running on/with
  Netapp Service Processor cpe:2.3:a:netapp:service_processor:-
OR  
  Running on/with
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
OR  
  Running on/with
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
OR  
  Running on/with
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
OR  
  Running on/with
  Opensuse Leap 15.0 cpe:2.3:o:opensuse:leap:15.0
OR  
  Running on/with
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #3

AND
    CPE23 From Up To
OR  
  Netapp Baseboard Management Controller Firmware cpe:2.3:o:netapp:baseboard_management_controller_firmware:-
OR  
  Running on/with
  Netapp Baseboard Management Controller cpe:2.3:h:netapp:baseboard_management_controller:-