CVE-2019-18660

CVSS V2 Low 1.9 CVSS V3 Medium 4.7

Description

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Overview

CVE ID
CVE-2019-18660

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2019-11-27T23:15:10

Last Modified Date
2020-01-28T19:47:40

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:o:linux:linux_kernel::::::::	1	OR	5.4.1
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::	1	OR
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*	1	OR
cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*	1	OR
cpe:2.3:o:fedoraproject:fedora:30:::::::*	1	OR
cpe:2.3:o:fedoraproject:fedora:31:::::::*	1	OR
cpe:2.3:o:opensuse:leap:15.1:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*	1	OR
cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:M/Au:N/C:P/I:N/A:N

Access Vector
LOCAL

Access Compatibility
MEDIUM

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
1.9

Severity
LOW

Exploitability Score
3.4

Impact Score
2.9

CVSS Version 3

Version
3.1

Vector String
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector
LOCAL

Attack Compatibility
HIGH

Privileges Required
LOW

User Interaction
NONE

Scope
UNCHANGED

Confidentiality Impact
HIGH

Availability Impact
NONE

Base Score
4.7

Base Severity
MEDIUM

Exploitability Score
1

Impact Score
3.6

References

Reference URL	Reference Tags
https://www.openwall.com/lists/oss-security/2019/11/27/1	Mailing List Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/11/27/1	Mailing List Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYIFGYEDQXP5DVJQQUARQRK2PXKBKQGY/	Mailing List Third Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.1	Release Notes Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWWOOJKZ4NQYN4RMFIVJ3ZIXKJJI3MKP/	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20200103-0001/	Third Party Advisory
https://usn.ubuntu.com/4228-1/	Third Party Advisory
https://usn.ubuntu.com/4227-1/	Third Party Advisory
https://usn.ubuntu.com/4226-1/	Third Party Advisory
https://usn.ubuntu.com/4225-1/	Third Party Advisory
https://usn.ubuntu.com/4228-2/	Third Party Advisory
https://usn.ubuntu.com/4227-2/	Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/10	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2020:0174	Third Party Advisory
https://usn.ubuntu.com/4225-2/	Third Party Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2019-18660
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 16:52:17				Added to TrackCVE
2022-12-04 07:10:54	2019-11-27T23:15Z	2019-11-27T23:15:10	CVE Published Date	updated
2022-12-04 07:10:54		2020-01-28T19:47:40	CVE Modified Date	updated
2022-12-04 07:10:54		Analyzed	Vulnerability Status	updated