A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| https://grsecurity.net/teardown_of_a_failed_linux_lts_spectre_fix.php | patch third party advisory exploit |
| http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | third party advisory vendor advisory |
| https://seclists.org/bugtraq/2019/Sep/41 | third party advisory mailing list |
| https://www.debian.org/security/2019/dsa-4531 | third party advisory vendor advisory |
| https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html | third party advisory mailing list |
| https://security.netapp.com/advisory/ntap-20191004-0001/ | third party advisory |
| https://usn.ubuntu.com/4157-1/ | vendor advisory |
| https://usn.ubuntu.com/4162-1/ | vendor advisory |
| https://usn.ubuntu.com/4157-2/ | vendor advisory |
| https://usn.ubuntu.com/4163-1/ | vendor advisory |
| https://usn.ubuntu.com/4163-2/ | vendor advisory |
| https://usn.ubuntu.com/4162-2/ | vendor advisory |