Updated: 2023-12-06
CWE: Improper Input Validation
Description:
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
CVSS3: 4.4
OS | Vendor version | Errata |
---|---|---|
RHEL 8 | 4.18.0-147.8.1.el8_1 | RHSA-2020:1372 |
Oracle Linux 8 | 4.18.0-147.8.1.el8_1 | ELSA-2020-1372 |
OS | Original kernel version | State |
---|---|---|
Debian 9 | |
Ready For Release |
Debian 8 backports | |
Ready For Release |
RHEL 8 | |
Ready For Release |
Debian 10 | |
Ready For Release |
Endurance 7 eig 4.14 | |
Ready For Release |
Proofpoint | |
Ready For Release |
OEL 8 Dell | |
Ready For Release |
Oracle Linux 8 | |
Ready For Release |
CloudLinux OS 8 | |
Ready For Release |