ID

VAR-201909-1049


CVE

CVE-2019-15902


TITLE

Linux Kernel Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-008961

DESCRIPTION

A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped. Linux Kernel Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from configuration errors in network systems or products during operation. The following products and versions are affected: Linux kernel 4.4.x to 4.4.190, 4.9.x to 4.9.190, 4.14.x to 4.14.141, 4.19.x to 4.19.69, 5.2 .x versions up to 5.2.11. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4531-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 25, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15902 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash. CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function. For the oldstable distribution (stretch), these problems have been fixed in version 4.9.189-3+deb9u1. For the stable distribution (buster), these problems have been fixed in version 4.19.67-2+deb10u1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl2K5xlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Sj8xAAnBGWzlmy5RyQe8VCE3kkMpwmH/00I5IFpjTbAVvyHzKVYl96YbY1YuAP ID++cBxBElWCQriwCESc5Um/BGpOMmTa3VlkXIVy6uHgwt1Hn+ZW/syFaGt0/brW eKIecVQLyZaV7OOx4Q+J9H5WN1FNKoV3BCsfUFlRqNCUtYQ46X7pN+gyytW4KbZo AEbPkEdUhv2Z6ndq8Z/OJ5cyYms+OonEt08e2qcN0Ig+qRY9l3fgSn/X3tKQiuJj jGKPkd0VYrFzfDKekcboIBZyegahReRe4k+V8I+o/acuQJGR1cV/qCGxboFFI2+s WeSUhaVixP+7HLXyRljFBdvXlAnx/IajEPG+RAVt6zZs1yK+8bVIhai5TarcwbF3 DWQZvpAeLaKgIN4x7s7xDHNJzO9Ea9fhXm/9T1AoaO3wdN2zjOYHLG3YO4TF0PpF rYY9t17uNdAuCxPeQWCciDOiNQVbEmr3+al/78m2VZcBYEI2s1E9fgQJV21rRlv+ fEavwX9OJg6GKcW9v6cyegyf4gfTvjyzIP/rcmn55hiQ9vjVNykkoNUES5Do6sTb /pSSRuUpJtEE+6LnnqbdD0E6l8SC6zgA/+Pu/7BrACxlk9bhYFmVaAwbPPEuRgrz 3d87MB8FEHu4RDGSgomb849wuAXnEVDwM034VtURUSEAXVFQ0dY=Wqdv -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4163-2 October 23, 2019 linux-lts-xenial, linux-aws vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty Details: USN-4163-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-21008) Wen Huang discovered that the Marvell Wi-Fi device driver in the Linux kernel did not properly perform bounds checking, leading to a heap overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: linux-image-4.4.0-1056-aws 4.4.0-1056.60 linux-image-4.4.0-166-generic 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-generic-lpae 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-lowlatency 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-e500mc 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc-smp 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-emb 4.4.0-166.195~14.04.1 linux-image-4.4.0-166-powerpc64-smp 4.4.0-166.195~14.04.1 linux-image-aws 4.4.0.1056.57 linux-image-generic-lpae-lts-xenial 4.4.0.166.145 linux-image-generic-lts-xenial 4.4.0.166.145 linux-image-lowlatency-lts-xenial 4.4.0.166.145 linux-image-powerpc-e500mc-lts-xenial 4.4.0.166.145 linux-image-powerpc-smp-lts-xenial 4.4.0.166.145 linux-image-powerpc64-emb-lts-xenial 4.4.0.166.145 linux-image-powerpc64-smp-lts-xenial 4.4.0.166.145 linux-image-virtual-lts-xenial 4.4.0.166.145 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4163-2 https://usn.ubuntu.com/4163-1 CVE-2016-10906, CVE-2017-18232, CVE-2018-21008, CVE-2019-14814, CVE-2019-14816, CVE-2019-14821, CVE-2019-15117, CVE-2019-15118, CVE-2019-15505, CVE-2019-15902 . Please note that the RDS protocol is blacklisted in Ubuntu by default

Trust: 2.43

sources: NVD: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // PACKETSTORM: 154948 // PACKETSTORM: 154606 // PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154946 // PACKETSTORM: 154933 // PACKETSTORM: 154935

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:lteversion:5.2.11

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:4.14.141

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:4.19.69

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:4.4.190

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.4

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.19

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.14

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:5.2

Trust: 1.0

vendor:linuxmodel:kernelscope:gteversion:4.9

Trust: 1.0

vendor:netappmodel:baseboard management controllerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:active iq performance analytics servicesscope:eqversion: -

Trust: 1.0

vendor:netappmodel:service processorscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:linuxmodel:kernelscope:lteversion:4.9.190

Trust: 1.0

vendor:linuxmodel:kernelscope:eqversion:4.14.141 for up to 4.14.x

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.19.69 for up to 4.19.x

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.4.190 for up to 4.4.x

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:4.9.190 for up to 4.9.x

Trust: 0.8

vendor:linuxmodel:kernelscope:eqversion:5.2.11 for up to 5.2.x

Trust: 0.8

sources: JVNDB: JVNDB-2019-008961 // NVD: CVE-2019-15902

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15902
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15902
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201909-180
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147995
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-15902
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15902
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-15902
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-147995
severity: MEDIUM
baseScore: 4.7
vectorString: AV:L/AC:M/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15902
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.1
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-15902
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // CNNVD: CNNVD-201909-180 // NVD: CVE-2019-15902

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-147995 // JVNDB: JVNDB-2019-008961 // NVD: CVE-2019-15902

THREAT TYPE

local

Trust: 1.0

sources: PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154933 // PACKETSTORM: 154935 // CNNVD: CNNVD-201909-180

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201909-180

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008961

PATCH

title:Linux Kernel Archivesurl:http://www.kernel.org

Trust: 0.8

title:Linux kernel Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97941

Trust: 0.6

title:Red Hat: CVE-2019-15902url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-15902

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1281url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1281

Trust: 0.1

title:Debian Security Advisories: DSA-4531-1 linux -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=426a377014db3361a5918ec383935e10

Trust: 0.1

title:Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp, linux-gke-5.0 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4157-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4157-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4162-1

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4163-1

Trust: 0.1

title:Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4163-2

Trust: 0.1

title:Ubuntu Security Notice: linux-azure vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4162-2

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // CNNVD: CNNVD-201909-180

EXTERNAL IDS

db:NVDid:CVE-2019-15902

Trust: 3.3

db:JVNDBid:JVNDB-2019-008961

Trust: 0.8

db:CNNVDid:CNNVD-201909-180

Trust: 0.7

db:PACKETSTORMid:154606

Trust: 0.7

db:AUSCERTid:ESB-2019.3691

Trust: 0.6

db:AUSCERTid:ESB-2019.4261

Trust: 0.6

db:AUSCERTid:ESB-2019.3570

Trust: 0.6

db:AUSCERTid:ESB-2019.4346

Trust: 0.6

db:AUSCERTid:ESB-2019.3817

Trust: 0.6

db:AUSCERTid:ESB-2019.3613

Trust: 0.6

db:AUSCERTid:ESB-2019.4252

Trust: 0.6

db:AUSCERTid:ESB-2020.0644

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:VULHUBid:VHN-147995

Trust: 0.1

db:VULMONid:CVE-2019-15902

Trust: 0.1

db:PACKETSTORMid:154948

Trust: 0.1

db:PACKETSTORMid:154897

Trust: 0.1

db:PACKETSTORMid:154934

Trust: 0.1

db:PACKETSTORMid:154946

Trust: 0.1

db:PACKETSTORMid:154933

Trust: 0.1

db:PACKETSTORMid:154935

Trust: 0.1

sources: VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // PACKETSTORM: 154948 // PACKETSTORM: 154606 // PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154946 // PACKETSTORM: 154933 // PACKETSTORM: 154935 // CNNVD: CNNVD-201909-180 // NVD: CVE-2019-15902

REFERENCES

url:https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php

Trust: 2.6

url:https://www.debian.org/security/2019/dsa-4531

Trust: 2.4

url:https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-15902

Trust: 2.1

url:https://usn.ubuntu.com/4157-2/

Trust: 1.9

url:https://seclists.org/bugtraq/2019/sep/41

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20191004-0001/

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

Trust: 1.8

url:https://usn.ubuntu.com/4157-1/

Trust: 1.8

url:https://usn.ubuntu.com/4162-1/

Trust: 1.8

url:https://usn.ubuntu.com/4162-2/

Trust: 1.8

url:https://usn.ubuntu.com/4163-1/

Trust: 1.8

url:https://usn.ubuntu.com/4163-2/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15902

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-14821

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-14816

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-15505

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-201914218-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192424-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192414-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192412-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192648-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3570/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3691/

Trust: 0.6

url:https://packetstormsecurity.com/files/154606/debian-security-advisory-4531-1.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-linux-kernel-affect-ibm-spectrum-protect-plus/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4261/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0644/

Trust: 0.6

url:https://vigilance.fr/vulnerability/linux-kernel-information-disclosure-via-spectre-backport-30402

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3613/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3817/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-15117

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15118

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-14815

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-21008

Trust: 0.4

url:https://usn.ubuntu.com/4162-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15918

Trust: 0.2

url:https://usn.ubuntu.com/4157-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15504

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-2181

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-16714

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-18232

Trust: 0.2

url:https://usn.ubuntu.com/4163-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2016-10906

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15902

Trust: 0.1

url:https://usn.ubuntu.com/4162-2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14835

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/linux

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1019.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1020.20

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-32.34

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1024.25

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1020.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1048.48

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1052.54~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1047.50

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1027.30

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-66.75

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1059.68

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1061.66

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1046.49

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1049.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1066.73

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-66.75~16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1052.54

Trust: 0.1

url:https://usn.ubuntu.com/4163-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-32.34~18.04.2

Trust: 0.1

url:https://usn.ubuntu.com/4157-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1023.24~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1021.21~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1023.23~18.04.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.4.0-166.195

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1128.136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1124.133

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1060.67

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1096.107

Trust: 0.1

sources: VULHUB: VHN-147995 // VULMON: CVE-2019-15902 // JVNDB: JVNDB-2019-008961 // PACKETSTORM: 154948 // PACKETSTORM: 154606 // PACKETSTORM: 154897 // PACKETSTORM: 154934 // PACKETSTORM: 154946 // PACKETSTORM: 154933 // PACKETSTORM: 154935 // CNNVD: CNNVD-201909-180 // NVD: CVE-2019-15902

CREDITS

Debian

Trust: 0.7

sources: PACKETSTORM: 154606 // CNNVD: CNNVD-201909-180

SOURCES

db:VULHUBid:VHN-147995
db:VULMONid:CVE-2019-15902
db:JVNDBid:JVNDB-2019-008961
db:PACKETSTORMid:154948
db:PACKETSTORMid:154606
db:PACKETSTORMid:154897
db:PACKETSTORMid:154934
db:PACKETSTORMid:154946
db:PACKETSTORMid:154933
db:PACKETSTORMid:154935
db:CNNVDid:CNNVD-201909-180
db:NVDid:CVE-2019-15902

LAST UPDATE DATE

2024-08-14T12:07:53.409000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-147995date:2019-10-17T00:00:00
db:VULMONid:CVE-2019-15902date:2019-10-17T00:00:00
db:JVNDBid:JVNDB-2019-008961date:2019-09-10T00:00:00
db:CNNVDid:CNNVD-201909-180date:2020-02-25T00:00:00
db:NVDid:CVE-2019-15902date:2019-10-17T04:15:12.203

SOURCES RELEASE DATE

db:VULHUBid:VHN-147995date:2019-09-04T00:00:00
db:VULMONid:CVE-2019-15902date:2019-09-04T00:00:00
db:JVNDBid:JVNDB-2019-008961date:2019-09-10T00:00:00
db:PACKETSTORMid:154948date:2019-10-23T18:28:53
db:PACKETSTORMid:154606date:2019-09-25T18:06:37
db:PACKETSTORMid:154897date:2019-10-17T15:18:45
db:PACKETSTORMid:154934date:2019-10-22T17:26:43
db:PACKETSTORMid:154946date:2019-10-23T18:28:39
db:PACKETSTORMid:154933date:2019-10-22T17:26:37
db:PACKETSTORMid:154935date:2019-10-22T17:26:50
db:CNNVDid:CNNVD-201909-180date:2019-09-04T00:00:00
db:NVDid:CVE-2019-15902date:2019-09-04T06:15:10.780