QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15031

Published: Sep 13, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2019/09/10/4

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2019:2173

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:2181

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

https://security.netapp.com/advisory/ntap-20191004-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.