A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | Third Party Advisory |
https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php | Exploit Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html | Third Party Advisory |
https://seclists.org/bugtraq/2019/Sep/41 | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20191004-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4157-1/ | |
https://usn.ubuntu.com/4157-2/ | |
https://usn.ubuntu.com/4162-1/ | |
https://usn.ubuntu.com/4162-2/ | |
https://usn.ubuntu.com/4163-1/ | |
https://usn.ubuntu.com/4163-2/ | |
https://www.debian.org/security/2019/dsa-4531 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-04T05:50:48
Updated: 2019-10-23T07:06:14
Reserved: 2019-09-04T00:00:00
Link: CVE-2019-15902
NVD Information
Status: Modified
Published: 2019-09-04T06:15:10.780
Modified: 2019-10-17T04:15:12.203
Link: CVE-2019-15902