CVE-2019-15030
kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
En el kernel de Linux versiones hasta 5.2.14 en la plataforma powerpc, un usuario local puede leer registros vectoriales de los procesos de otros usuarios por medio de una excepción Facility Unavailable. Para explotar la venerabilidad, un usuario local inicia una transacción (por medio de la instrucción de memoria transaccional de hardware tbegin) y entonces accede a los registros vectoriales. En algún punto, los registros vectoriales se corromperán con los valores de un proceso de Linux local diferente debido a una falta de comprobación del archivo arch/powerpc/kernel/process.c.
A flaw in the Linux kernel on the PowerPC platform, was found where a local user can read vector registers of other user processes (via a Facility Unavailable exception). An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupted with values from the different local Linux processes, because of the missing check inside arch/powerpc/kernel/process.c. The highest threat from this vulnerability is confidentiality of data and availability of the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-14 CVE Reserved
- 2019-09-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-862: Missing Authorization
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20191004-0001 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60 | 2024-08-05 |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/09/10/3 | 2020-08-24 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html | 2020-08-24 | |
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html | 2020-08-24 | |
https://access.redhat.com/errata/RHSA-2020:0740 | 2020-08-24 | |
https://usn.ubuntu.com/4135-1 | 2020-08-24 | |
https://usn.ubuntu.com/4135-2 | 2020-08-24 | |
https://access.redhat.com/security/cve/CVE-2019-15030 | 2020-04-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1759313 | 2020-04-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 5.2.14 Search vendor "Linux" for product "Linux Kernel" and version " <= 5.2.14" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|