QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15030

Published: Sep 13, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2019/09/10/3

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:2173

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2181

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

https://security.netapp.com/advisory/ntap-20191004-0001/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.