QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15902

Published: Sep 4, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

x_refsource_MISC

openSUSE-SU-2019:2173

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2181

vendor-advisory

x_refsource_SUSE

20190925 [SECURITY] [DSA 4531-1] linux security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20191004-0001/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.