CVE-2019-15030

Updated: 2023-12-06

CWE: Improper Input Validation

Description:

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

CVSS3: 4.4


Vendor State

OS Vendor version Errata
RHEL 8 4.18.0-147.8.1.el8_1 RHSA-2020:1372
Oracle Linux 8 4.18.0-147.8.1.el8_1 ELSA-2020-1372

KernelCare State

OS Original kernel version State
Debian 9
Ready For Release
Debian 8 backports
Ready For Release
RHEL 8
Ready For Release
Debian 10
Ready For Release
Endurance 7 eig 4.14
Ready For Release
Proofpoint
Ready For Release
OEL 8 Dell
Ready For Release
Oracle Linux 8
Ready For Release
CloudLinux OS 8
Ready For Release