PT-2019-4895 · Linux+5 · Linux Kernel+5
Published: 2019-09-05 · Updated: 2024-06-15
CVE-2019-15030
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.2.14 on the powerpc platform
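A triage check for the affected range stated above, as an added example that is not part of the original advisory: it classifies a machine string and kernel release (the output of uname -m and uname -r) as inside or outside "powerpc, prior to 5.2.14". The function names are hypothetical. Distribution kernels can carry backported fixes under an older version string, so a match means the vendor advisory should be checked, not that the host is confirmed exposed.

```shell
#!/bin/sh
# Added example (not from the advisory): flags hosts inside the affected range
# the page states, i.e. powerpc with a kernel prior to 5.2.14.
# Function names are hypothetical.

# Succeeds when the machine string (as printed by uname -m) is powerpc.
is_powerpc() {
    case "$1" in
        ppc|ppc64|ppc64le) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the release (as printed by uname -r) is below 5.2.14,
# 1 if it is 5.2.14 or later, 2 if no leading version number is found.
release_before_5_2_14() {
    base=${1%%[!0-9.]*}     # drop distro suffix: "4.18.0-80.el8" -> "4.18.0"
    case "$base" in ''|.*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base            # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    [ "$major" -lt 5 ] && return 0
    [ "$major" -gt 5 ] && return 1
    [ "$minor" -lt 2 ] && return 0
    [ "$minor" -gt 2 ] && return 1
    [ "$patch" -lt 14 ]
}

# Succeeds only when both conditions of the stated range hold.
in_affected_range() {
    is_powerpc "$1" && release_before_5_2_14 "$2"
}

# Report on the local host.
if in_affected_range "$(uname -m)" "$(uname -r)"; then
    echo "powerpc kernel prior to 5.2.14: check vendor advisory for CVE-2019-15030"
else
    echo "outside the affected range stated for CVE-2019-15030 (or release not parsed)"
fi
```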
Description
A local user can read vector registers of other users' processes via a Facility Unavailable exception. This issue arises due to a missing check in arch/powerpc/kernel/process.c. To exploit this, a local user starts a transaction using the hardware transactional memory instruction tbegin and then accesses vector registers. The vector registers will be corrupted with values from a different local Linux process. This can impact the confidentiality and availability of protected information.
Recommendations
For Linux kernel versions prior to 5.2.14 on the powerpc platform, consider restricting access to the tbegin instruction and the affected vector registers to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
RCE
Related Identifiers
Affected Products
Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu