Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

UBUNTU-CVE-2019-18660 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceUBUNTU-CVE-2019-18660

UBUNTU-CVE-2019-18660

MEDIUM5.5

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/k

Published Nov 27, 2019

Modified 7 months ago

Fix available

Details

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

Affected Packages(171 packages)

linux

Ubuntu 22.04 LTS

Fixed in:

5.13.0-19.19

linux

Ubuntu 25.04

Fixed in:

6.11.0-8.8

linux

Ubuntu 20.04 LTS

Affected versions:

5.3.0-18.195.3.0-24.26

Fixed in:

5.4.0-9.12

linux

Ubuntu Pro 14.04 LTS

Affected versions:

3.11.0-12.193.12.0-1.33.12.0-2.53.12.0-2.73.12.0-3.83.12.0-3.93.12.0-4.103.12.0-4.123.12.0-5.133.12.0-7.15+170 more

linux

Ubuntu 16.04 LTS

Affected versions:

4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+93 more

Fixed in:

4.4.0-171.200

linux

Ubuntu 18.04 LTS

Affected versions:

4.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-12.134.15.0-13.144.15.0-15.164.15.0-19.204.15.0-20.21+32 more

Fixed in:

4.15.0-74.84

linux

Ubuntu 24.04 LTS

Fixed in:

6.5.0-9.9

linux-aws

Ubuntu 16.04 LTS

Affected versions:

4.4.0-1001.104.4.0-1003.124.4.0-1004.134.4.0-1007.164.4.0-1009.184.4.0-1011.204.4.0-1012.214.4.0-1013.224.4.0-1016.254.4.0-1017.26+51 more

Fixed in:

4.4.0-1100.111

linux-aws

Ubuntu 14.04 LTS

Affected versions:

4.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+24 more

linux-aws

Ubuntu 24.04 LTS

Fixed in:

6.5.0-1008.8

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad

https://ubuntu.com/security/CVE-2019-18660

https://ubuntu.com/security/notices/USN-4225-1

https://ubuntu.com/security/notices/USN-4225-2

https://ubuntu.com/security/notices/USN-4226-1

https://ubuntu.com/security/notices/USN-4227-1

https://ubuntu.com/security/notices/USN-4227-2

https://ubuntu.com/security/notices/USN-4228-1

https://ubuntu.com/security/notices/USN-4228-2

https://www.cve.org/CVERecord?id=CVE-2019-18660

https://www.openwall.com/lists/oss-security/2019/11/27/1

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Upstream

Related

USN-4225-1 USN-4225-2 USN-4226-1 USN-4227-1 USN-4227-2 USN-4228-1 USN-4228-2

Ecosystems(30)

Ubuntu 22.04 LTS Ubuntu 25.04 Ubuntu 20.04 LTS Ubuntu Pro 14.04 LTS Ubuntu 16.04 LTS

Timeline

PublishedNov 27, 2019

ModifiedJul 15, 2025