{ "threat_severity" : "Moderate", "public_date" : "2019-11-28T00:00:00Z", "bugzilla" : { "description" : "kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure", "id" : "1777825", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1777825" }, "cvss3" : { "cvss3_base_score" : "4.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.", "A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. The flushing of these structures helps to prevent SpectreRSB like attacks which may leak information from one user process to another. An unprivileged user could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attacks." ], "statement" : "This issue affects versions of the kernel package as shipped with Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\nThis issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2020-07-15T00:00:00Z", "advisory" : "RHSA-2020:2933", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-754.31.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-01-21T00:00:00Z", "advisory" : "RHSA-2020:0174", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-alt-0:4.14.0-115.17.1.el7a" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2020-03-31T00:00:00Z", "advisory" : "RHSA-2020:1016", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1127.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date" : "2020-07-07T00:00:00Z", "advisory" : "RHSA-2020:2851", "cpe" : "cpe:/o:redhat:rhel_eus:7.6", "package" : "kernel-0:3.10.0-957.56.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2020-04-30T00:00:00Z", "advisory" : "RHSA-2020:1984", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "kernel-0:3.10.0-1062.21.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHSA-2020:1372", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-147.8.1.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date" : "2020-06-09T00:00:00Z", "advisory" : "RHSA-2020:2429", "cpe" : "cpe:/o:redhat:rhel_e4s:8.0", "package" : "kernel-0:4.18.0-80.23.2.el8_0" }, { "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2020-07-07T00:00:00Z", "advisory" : "RHSA-2020:2851", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "kernel-0:3.10.0-957.56.1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-18660\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18660" ], "name" : "CVE-2019-18660", "csaw" : false }