CVE-2019-18660

MEDIUM

Linux kernel <5.4.1 - Info Disclosure

Title source: llm

Description

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

References (18)

Core 18

Core References

Mailing List, Patch, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2019/11/27/1

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2019/11/27/1

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/

Release Notes, Vendor Advisory x_refsource_confirm

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200103-0001/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4228-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4227-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4226-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4228-2/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4227-2/

Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2020/Jan/10

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0174

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4225-2/

Scores

CVSS v3 4.7

EPSS 0.0003

EPSS Percentile 8.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (12)

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.04

canonical/ubuntu_linux 19.10

fedoraproject/fedora 30

fedoraproject/fedora 31

linux/linux_kernel < 5.4.1

opensuse/leap 15.1

redhat/enterprise_linux 6.0

... and 2 more

Published Nov 27, 2019

Tracked Since Feb 18, 2026