CVE-2019-15031

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.2.14 on the powerpc platform

Description The issue is related to a lack of protection for service data in the arch/powerpc/kernel/process.c component of the Linux kernel, specifically on the powerpc platform. This can be exploited by a local user to impact the confidentiality and availability of protected information. The exploitation involves starting a transaction using the tbegin command and then accessing vector registers. At some point, the vector registers will be corrupted with values from a different local Linux process due to the misuse of MSR TM ACTIVE in arch/powerpc/kernel/process.c. A local user can read vector registers of other users' processes via an interrupt.

Recommendations For Linux kernel versions prior to 5.2.14 on the powerpc platform: As a temporary workaround, consider disabling the use of the tbegin command to prevent exploitation until a patch is available. Restrict access to vector registers to minimize the risk of exploitation. Avoid using the MSR TM ACTIVE in the arch/powerpc/kernel/process.c component until the issue is resolved.