5.6
CVE-2019-15902
- EPSS 0.09%
- Published 04.09.2019 06:15:10
- Last modified 21.11.2024 04:29:42
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4 <= 4.4.190
Linux ≫ Linux Kernel Version >= 4.9 <= 4.9.190
Linux ≫ Linux Kernel Version >= 4.14 <= 4.14.141
Linux ≫ Linux Kernel Version >= 4.19 <= 4.19.69
Linux ≫ Linux Kernel Version >= 5.2 <= 5.2.11
Netapp ≫ Active Iq Performance Analytics Services Version-
Netapp ≫ Service Processor Version-
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Netapp ≫ Baseboard Management Controller Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.223 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.6 | 1.1 | 4 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 4.7 | 3.4 | 6.9 |
AV:L/AC:M/Au:N/C:C/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.