CVE-2019-18660

Advisory lineage Upstream: 0 Downstream: 30

Downstream

DEBIAN-CVE-2019-18660 OPENSUSE-SU-2019:2675-1 RHSA-2020:0174 RHSA-2020:1016 RHSA-2020:1372 RHSA-2020:1984

Modified

Published: 27 Nov 2019, 22:11

Last modified:05 Aug 2024, 01:54

Vulnerability Summary

Overall Risk (default)

low

19/100

CVSS Score

4.7 MEDIUM

v3.1 (nvd)

EPSS Score

0.03% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Nov 2019, 22:11

Published

Vulnerability first disclosed

05 Aug 2024, 01:54

Last Modified

Vulnerability information updated

Description

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

CVSS Metrics

v3.1•MEDIUM•Score: 4.7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•LOW•Score: 1.9AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.03%• Percentile: 9%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

canonical•ubuntu_linux
14.04 | 16.04 | 18.04 | 19.04 | 19.10
fedoraproject•fedora
30 | 31
linux•linux_kernel
< 5.4.1
opensuse•leap
15.1
redhat•enterprise_linux
6.0 | 7.0 | 8.0