Details of VAR-201909-1049

ID

VAR-201909-1049

CVE

CVE-2019-15902

TITLE

Linux Kernel Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008961

DESCRIPTION

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Linux Kernel Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Linux kernel 4.4.x to 4.4.190, 4.9.x to 4.9.190, 4.14.x to 4.14.141, 4.19.x to 4.19.69, 5.2 .x versions up to 5.2.11. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4163-2 October 23, 2019 linux-lts-xenial, linux-aws vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-4.4.0-1056-aws 4.4.0-1056.60 linux-image-4.4.0-166-generic 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-generic-lpae 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-lowlatency 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-e500mc 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-smp 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-emb 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-smp 4.4.0-166.195~14.04.1 linux-image-aws 4.4.0.1056.57 linux-image-generic-lpae-lts-xenial 4.4.0.166.145 linux-image-generic-lts-xenial 4.4.0.166.145 linux-image-lowlatency-lts-xenial 4.4.0.166.145 linux-image-powerpc-e500mc-lts-xenial 4.4.0.166.145 linux-image-powerpc-smp-lts-xenial 4.4.0.166.145 linux-image-powerpc64-emb-lts-xenial 4.4.0.166.145 linux-image-powerpc64-smp-lts-xenial 4.4.0.166.145 linux-image-virtual-lts-xenial 4.4.0.166.145 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4163-2 https://usn.ubuntu.com/4163-1 CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14814, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902 . Please note that the RDS protocol is blacklisted in Ubuntu by default

Trust: 2.43

sources: NVD: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // PACKETSTORM: 154948 // PACKETSTORM: 154606 // PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154946 // PACKETSTORM: 154933 // PACKETSTORM: 154935

AFFECTED PRODUCTS

vendor:	linux	model:	kernel	scope:	lte	version:	5.2.11	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	4.14.141	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	4.19.69	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	4.4.190	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.19	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.14	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	5.2	Trust: 1.0
vendor:	linux	model:	kernel	scope:	gte	version:	4.9	Trust: 1.0
vendor:	netapp	model:	baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq performance analytics services	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	service processor	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	4.9.190	Trust: 1.0
vendor:	linux	model:	kernel	scope:	eq	version:	4.14.141 for up to 4.14.x	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.19.69 for up to 4.19.x	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.4.190 for up to 4.4.x	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	4.9.190 for up to 4.9.x	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	5.2.11 for up to 5.2.x	Trust: 0.8

sources: JVNDB: JVNDB-2019-008961 // NVD: CVE-2019-15902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15902
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-15902
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201909-180
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-147995
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-15902
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-15902
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2019-15902
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-147995
severity:	MEDIUM
baseScore:	4.7
vectorString:	AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-15902
baseSeverity:	MEDIUM
baseScore:	5.6
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.1
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2019-15902
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // CNNVD: CNNVD-201909-180 // NVD: CVE-2019-15902

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-147995 // JVNDB: JVNDB-2019-008961 // NVD: CVE-2019-15902

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154933 // PACKETSTORM: 154935 // CNNVD: CNNVD-201909-180

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-180

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008961

PATCH

title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	Linux kernel Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97941	Trust: 0.6
title:	Red Hat: CVE-2019-15902	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-15902	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2019-1281	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1281	Trust: 0.1
title:	Debian Security Advisories: DSA-4531-1 linux -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=426a377014db3361a5918ec383935e10	Trust: 0.1
title:	Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp, linux-gke-5.0 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4157-2	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4157-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4162-1	Trust: 0.1
title:	Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4163-1	Trust: 0.1
title:	Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4163-2	Trust: 0.1
title:	Ubuntu Security Notice: linux-azure vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4162-2	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1

sources: VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // CNNVD: CNNVD-201909-180

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15902	Trust: 3.3
db:	JVNDB	id:	JVNDB-2019-008961	Trust: 0.8
db:	CNNVD	id:	CNNVD-201909-180	Trust: 0.7
db:	PACKETSTORM	id:	154606	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3691	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4261	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3570	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3817	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3613	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4252	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0644	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4346.2	Trust: 0.6
db:	VULHUB	id:	VHN-147995	Trust: 0.1
db:	VULMON	id:	CVE-2019-15902	Trust: 0.1
db:	PACKETSTORM	id:	154948	Trust: 0.1
db:	PACKETSTORM	id:	154897	Trust: 0.1
db:	PACKETSTORM	id:	154934	Trust: 0.1
db:	PACKETSTORM	id:	154946	Trust: 0.1
db:	PACKETSTORM	id:	154933	Trust: 0.1
db:	PACKETSTORM	id:	154935	Trust: 0.1

sources: VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // PACKETSTORM: 154948 // PACKETSTORM: 154606 // PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154946 // PACKETSTORM: 154933 // PACKETSTORM: 154935 // CNNVD: CNNVD-201909-180 // NVD: CVE-2019-15902

REFERENCES

url:	https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php	Trust: 2.6
url:	https://www.debian.org/security/2019/dsa-4531	Trust: 2.4
url:	https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15902	Trust: 2.1
url:	https://usn.ubuntu.com/4157-2/	Trust: 1.9
url:	https://seclists.org/bugtraq/2019/sep/41	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20191004-0001/	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html	Trust: 1.8
url:	https://usn.ubuntu.com/4157-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4162-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4162-2/	Trust: 1.8
url:	https://usn.ubuntu.com/4163-1/	Trust: 1.8
url:	https://usn.ubuntu.com/4163-2/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15902	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14821	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14816	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15505	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201914218-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html	Trust: 0.6
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192424-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192414-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192412-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192648-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3570/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3691/	Trust: 0.6
url:	https://packetstormsecurity.com/files/154606/debian-security-advisory-4531-1.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-linux-kernel-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4261/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4252/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0644/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/linux-kernel-information-disclosure-via-spectre-backport-30402	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3613/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3817/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4346.2/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15117	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15118	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14815	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-21008	Trust: 0.4
url:	https://usn.ubuntu.com/4162-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15918	Trust: 0.2
url:	https://usn.ubuntu.com/4157-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15504	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2181	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16714	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14814	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18232	Trust: 0.2
url:	https://usn.ubuntu.com/4163-1	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10906	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15902	Trust: 0.1
url:	https://usn.ubuntu.com/4162-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14835	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/linux	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1019.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1020.20	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/5.0.0-32.34	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1024.25	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1020.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1048.48	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1052.54~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1047.50	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.15.0-66.75	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1059.68	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1061.66	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1046.49	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1049.53	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1066.73	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-66.75~16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1052.54	Trust: 0.1
url:	https://usn.ubuntu.com/4163-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-32.34~18.04.2	Trust: 0.1
url:	https://usn.ubuntu.com/4157-2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21~18.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1023.23~18.04.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux/4.4.0-166.195	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1128.136	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1124.133	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1060.67	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1096.107	Trust: 0.1

CREDITS

Debian

Trust: 0.7

sources: PACKETSTORM: 154606 // CNNVD: CNNVD-201909-180

SOURCES

db:	VULHUB	id:	VHN-147995
db:	VULMON	id:	CVE-2019-15902
db:	JVNDB	id:	JVNDB-2019-008961
db:	PACKETSTORM	id:	154948
db:	PACKETSTORM	id:	154606
db:	PACKETSTORM	id:	154897
db:	PACKETSTORM	id:	154934
db:	PACKETSTORM	id:	154946
db:	PACKETSTORM	id:	154933
db:	PACKETSTORM	id:	154935
db:	CNNVD	id:	CNNVD-201909-180
db:	NVD	id:	CVE-2019-15902

LAST UPDATE DATE

2024-08-14T12:07:53.409000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147995	date:	2019-10-17T00:00:00
db:	VULMON	id:	CVE-2019-15902	date:	2019-10-17T00:00:00
db:	JVNDB	id:	JVNDB-2019-008961	date:	2019-09-10T00:00:00
db:	CNNVD	id:	CNNVD-201909-180	date:	2020-02-25T00:00:00
db:	NVD	id:	CVE-2019-15902	date:	2019-10-17T04:15:12.203

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147995	date:	2019-09-04T00:00:00
db:	VULMON	id:	CVE-2019-15902	date:	2019-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-008961	date:	2019-09-10T00:00:00
db:	PACKETSTORM	id:	154948	date:	2019-10-23T18:28:53
db:	PACKETSTORM	id:	154606	date:	2019-09-25T18:06:37
db:	PACKETSTORM	id:	154897	date:	2019-10-17T15:18:45
db:	PACKETSTORM	id:	154934	date:	2019-10-22T17:26:43
db:	PACKETSTORM	id:	154946	date:	2019-10-23T18:28:39
db:	PACKETSTORM	id:	154933	date:	2019-10-22T17:26:37
db:	PACKETSTORM	id:	154935	date:	2019-10-22T17:26:50
db:	CNNVD	id:	CNNVD-201909-180	date:	2019-09-04T00:00:00
db:	NVD	id:	CVE-2019-15902	date:	2019-09-04T06:15:10.780