ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

CVE-2019-15030

Updated: 2023-12-06

CWE: Improper Input Validation

Description:

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

CVSS3: 4.4

Vendor State

OS	Vendor version	Errata
RHEL 8	4.18.0-147.8.1.el8_1	RHSA-2020:1372
Oracle Linux 8	4.18.0-147.8.1.el8_1	ELSA-2020-1372

KernelCare State

OS	Original kernel version	State
Debian 9		Ready For Release
Debian 8 backports		Ready For Release
RHEL 8		Ready For Release
Debian 10		Ready For Release
Endurance 7 eig 4.14		Ready For Release
Proofpoint		Ready For Release
OEL 8 Dell		Ready For Release
Oracle Linux 8		Ready For Release
CloudLinux OS 8		Ready For Release