Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 693478 (CVE-2019-15902) - <sys-kernel/gentoo-sources-{4.4.191,4.9.191,4.14.142,4.19.71}: Backporting error re-introduced Spectre vulnerability (CVE-2019-15902)
Summary: <sys-kernel/gentoo-sources-{4.4.191,4.9.191,4.14.142,4.19.71}: Backporting er...
Status: RESOLVED FIXED
Alias: CVE-2019-15902
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: https://grsecurity.net/teardown_of_a_...
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks:
 
Reported: 2019-09-04 11:05 UTC by Thomas Deutschmann
Modified: 2019-11-07 20:49 UTC (History)
1 user (show)

See Also:
Package list:
sys-kernel/gentoo-sources-4.19.72 sys-kernel/gentoo-sources-4.14.143 sys-kernel/gentoo-sources-4.9.192 sys-kernel/gentoo-sources-4.4.192
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2019-09-04 11:05:55 UTC
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-09-13 00:34:47 UTC
x86 stable
Comment 2 Agostino Sarubbo gentoo-dev 2019-09-13 09:22:22 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-09-13 12:01:33 UTC
ppc stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-09-13 12:03:13 UTC
ppc64 stable
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2019-09-13 15:49:50 UTC
arm stable
Comment 6 Ben Kohler gentoo-dev 2019-09-13 16:50:21 UTC
sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-09-13 17:27:48 UTC
ia64 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2019-11-07 20:49:10 UTC
alpha & hppa marked stable due to arch team timeout under kernel project policy.