Updated: 2023-12-06
CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer
Description:
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.
CVSS3: 5.6
| OS | Vendor version | Errata |
|---|---|---|
| Ubuntu 18.04 | 4.15.0-66.75 | USN-4162-1 |
| Ubuntu 16.04 | 4.4.0-166.195 | USN-4163-1 |
| Ubuntu 16.04 AWS | 4.4.0-1096.107 | USN-4163-1 |
| Ubuntu 18.04 HWE | 5.0.0-32.34~18.04.2 | USN-4157-2 |
| Ubuntu 16.04 HWE | 4.15.0-66.75~16.04.1 | USN-4162-1 |
| Debian 9 | 4.9.189-3+deb9u1 | DSA-4531-1 |
| Debian 8 backports | 4.9.189-3+deb9u1 | DSA-4531-1 |
| Amazon Linux 1 | 4.14.143-91.122.amzn1 | ALAS-2019-1281 |
| Ubuntu 18.04 GCP | 5.0.0-1021.21~18.04.1 | USN-4157-2 |
| Ubuntu 18.04 Azure | 5.0.0-1023.24~18.04.1 | USN-4157-2 |
| Ubuntu 16.04 Azure | 4.15.0-1061.66 | USN-4162-1 |
| Ubuntu 16.04 (FIPS) | 4.4.0-166.195 | usn-4163-1 |
| OS | Original kernel version | State |
|---|---|---|
| Ubuntu 18.04 |
4.15.0-64.73
show all
hide all
4.15.0-60.67
4.15.0-65.74
4.15.0-59.66
4.15.0-62.69
4.15.0-63.72
|
Released |
| Ubuntu 16.04 |
4.4.0-161.189
show all
hide all
4.4.0-165.193
4.4.0-164.192
|
Released |
| Ubuntu 16.04 AWS |
4.4.0-1095.106
show all
hide all
4.4.0-1092.103
4.4.0-1094.105
|
Released |
| Ubuntu 18.04 HWE | |
Ready For Release |
| Ubuntu 16.04 HWE |
4.15.0-65.74~16.04.1
show all
hide all
4.15.0-64.73~16.04.1
4.15.0-59.66~16.04.1
4.15.0-62.69~16.04.1
4.15.0-60.67~16.04.1
|
Released |
| Debian 9 |
4.9.189-3
|
Released |
| Debian 8 backports |
4.9.189-3~deb8u1
|
Released |
| Amazon Linux 1 |
4.14.138-89.102.amzn1
|
Released |
| Proxmox VE 5 |
4.15.18-21-pve_4.15.18-48
show all
hide all
4.15.18-21-pve_4.15.18-47
|
Released |
| Ubuntu 18.04 GCP |
5.0.0-1020.20~18.04.1
show all
hide all
4.15.0-1042.44
4.15.0-1044.46
4.15.0-1044.70
4.15.0-1042.45
|
Released |
| Proxmox VE 6 |
5.0.21-2-pve_5.0.21-3
show all
hide all
5.0.21-2-pve_5.0.21-6
5.0.21-3-pve_5.0.21-7
5.0.21-2-pve_5.0.21-4
|
Released |
| Endurance 7 eig 4.14 |
4.14.68-103.ELK.el6
show all
hide all
4.14.68-103.ELK.el7
4.14.93-162.ELK.el6
4.14.93-162.ELK.el7
4.14.94-164.ELK.el6
4.14.94-164.ELK.el7
|
Released |
| Proofpoint | |
Ready For Release |
| Ubuntu 18.04 Azure |
5.0.0-1022.23~18.04.1
show all
hide all
5.0.0-1019.20~18.04.1
5.0.0-1021.22~18.04.1
|
Released |
| Ubuntu 16.04 Azure |
4.15.0-1060.65
show all
hide all
4.15.0-1056.61
4.15.0-1059.64
4.15.0-1057.62
|
Released |
| Ubuntu 16.04 (FIPS) |
4.4.0-1010.13
show all
hide all
4.4.0-1019.24
4.4.0-1021.26
4.4.0-1022.27
|
Released |