CVE-2019-15902
moderate-risk
Published 2019-09-04
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Do I need to act?
0.09% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.6/10
Medium
LOCAL / HIGH complexity
Affected Products (9)
Active Iq Performance Analytics Services
Baseboard Management Controller Firmware
References (26)
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
Mailing List
https://seclists.org/bugtraq/2019/Sep/41
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0001/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4531
and 6 more references
30 / 100
moderate-risk
Severity
15/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
15/34 · Moderate