PT-2019-4449 · Linux+3 · Linux Kernel+3
Brad Spengler · Published 2016-03-17 · Updated 2024-06-15
CVE-2019-15902
CVSS v3.1: 5.6 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 4.4.x through 4.4.190
Linux kernel versions 4.9.x through 4.9.190
Linux kernel versions 4.14.x through 4.14.141
Linux kernel versions 4.19.x through 4.19.69
Linux kernel versions 5.2.x through 5.2.11
Description
The issue stems from errors in the implementation of protections against Spectre-class vulnerabilities in the Linux kernel's ptrace subsystem. A backporting error in the Linux stable/longterm kernels reintroduced a Spectre vulnerability that was supposed to have been eliminated: an upstream commit was misapplied, and two correctly ordered code lines were swapped. Exploitation of this issue may allow an attacker to disclose protected information.
Recommendations
For Linux kernel versions 4.4.x through 4.4.190, update to a version after 4.4.190 to resolve the issue.
For Linux kernel versions 4.9.x through 4.9.190, update to a version after 4.9.190 to resolve the issue.
For Linux kernel versions 4.14.x through 4.14.141, update to a version after 4.14.141 to resolve the issue.
For Linux kernel versions 4.19.x through 4.19.69, update to a version after 4.19.69 to resolve the issue.
For Linux kernel versions 5.2.x through 5.2.11, update to a version after 5.2.11 to resolve the issue.
Exploit
Fix
Information Disclosure
Affected Products
Alt Linux
Linux Kernel
Suse
Ubuntu