CVE-2019-15031

EUVD-2019-6118

13.09.2019, 13:15

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.4 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 ≤ 5.2.14
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.04
opensuse	leap	15.0
opensuse	leap	15.1
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
jessie	not-affected
sid	6.11.6-1 fixed
stretch	not-affected
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

bionic	Fixed 4.15.0-64.73 released
disco	Fixed 5.0.0-29.31 released
eoan	not-affected
trusty	not-affected
xenial	not-affected

linux-aws

bionic	Fixed 4.15.0-1050.52 released
disco	Fixed 5.0.0-1016.18 released
eoan	not-affected
trusty	not-affected
xenial	not-affected

linux-aws-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-aws-hwe

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-1050.52~16.04.1 released

linux-azure

bionic	Fixed 5.0.0-1020.21~18.04.1 released
disco	Fixed 5.0.0-1020.21 released
eoan	not-affected
trusty	Fixed 4.15.0-1059.64~14.04.1 released
xenial	Fixed 4.15.0-1059.64 released

linux-azure-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-azure-edge

bionic	Fixed 5.0.0-1020.21~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-1059.64 released

linux-gcp

bionic	Fixed 4.15.0-1044.70 released
disco	Fixed 5.0.0-1017.17 released
eoan	not-affected
trusty	dne
xenial	Fixed 4.15.0-1044.46 released

linux-gcp-5.3

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gcp-edge

bionic	Fixed 4.15.0-1044.70 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-4.15

bionic	Fixed 4.15.0-1044.46 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-gke-5.0

bionic	Fixed 5.0.0-1017.17~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-hwe

bionic	Fixed 5.0.0-29.31~18.04.1 released
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-64.73~16.04.1 released

linux-hwe-edge

bionic	ignored
disco	dne
eoan	dne
trusty	dne
xenial	Fixed 4.15.0-64.73~16.04.1 released

linux-kvm

bionic	Fixed 4.15.0-1046.46 released
disco	Fixed 5.0.0-1017.18 released
eoan	not-affected
trusty	dne
xenial	not-affected

linux-lts-trusty

bionic	dne
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-lts-xenial

bionic	dne
disco	dne
eoan	dne
trusty	not-affected
xenial	dne

linux-oem

bionic	Fixed 4.15.0-1056.65 released
disco	ignored
eoan	Fixed 4.15.0-1059.68 released
trusty	dne
xenial	ignored

linux-oem-5.4

bionic	dne
eoan	dne
trusty	dne
xenial	dne

linux-oem-osp1

bionic	Fixed 5.0.0-1022.24 released
disco	ignored
eoan	Fixed 5.0.0-1022.24 released
trusty	dne
xenial	dne

linux-oracle

bionic	Fixed 4.15.0-1025.28 released
disco	Fixed 5.0.0-1004.8 released
eoan	not-affected
trusty	dne
xenial	Fixed 4.15.0-1025.28~16.04.1 released

linux-oracle-5.0

bionic	not-affected
disco	dne
eoan	dne
trusty	dne
xenial	dne

linux-raspi2

bionic	Fixed 4.15.0-1047.51 released
disco	Fixed 5.0.0-1017.17 released
eoan	not-affected
trusty	dne
xenial	not-affected

linux-raspi2-5.3

bionic	not-affected
eoan	dne
trusty	dne
xenial	dne

linux-snapdragon

bionic	Fixed 4.15.0-1064.71 released
disco	Fixed 5.0.0-1021.22 released
eoan	dne
trusty	dne
xenial	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-662 - Improper Synchronization
The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

http://www.openwall.com/lists/oss-security/2019/09/10/4

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97

https://security.netapp.com/advisory/ntap-20191004-0001/

https://usn.ubuntu.com/4135-1/