First published: Fri Sep 13 2019(Updated: )
A flaw in the Linux kernel on the PowerPC platform, was found where a local user can read vector registers of other user processes (during a hardware interrupt). An attacker must start a transaction when the FPU operation begins or there is no leakage. Vector registers will become corrupted with values from the different local Linux processes, because of the missing check inside arch/powerpc/kernel/process.c. The highest threat from this vulnerability is confidentiality of data and availability of the system.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-alt | <0:4.14.0-115.19.1.el7a | 0:4.14.0-115.19.1.el7a |
redhat/kernel | <0:4.18.0-147.8.1.el8_1 | 0:4.18.0-147.8.1.el8_1 |
Linux Linux kernel | <=5.2.14 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
debian/linux | 5.10.223-1 6.1.106-3 6.1.99-1 6.10.9-1 |
When applicable rely on FPU emulation (for example by rebuilding the critical services code) instead of the hardware FPU.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.