How severe is CVE-2019-15030?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2019-15030?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2019-15030

MEDIUM Year: 2019

CVSS v3 Score

4.4

Medium

CVSS v2 Score

3.6

Low

Weakness Type

CWE-862

View all →

Vulnerability Description

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.

CVE-2020-0135

MEDIUM

CVSS:4.4(Medium)

In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privil...

CWE-8622020

CVE-2020-10697

MEDIUM

CVSS:4.4(Medium)

A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed via TCP. An attacker can take advantage of writing a playbook polluting this cache, causing a denial...

CWE-8622020

CVE-2020-27053

MEDIUM

CVSS:4.4(Medium)

In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi ...

CWE-8622020

CVE-2020-28368

MEDIUM

CVSS:4.4(Medium)

Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Pla...

CWE-8622020

CVE-2021-0403

MEDIUM

CVSS:4.4(Medium)

In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is n...

CWE-8622021

CVE-2022-20098

MEDIUM

CVSS:4.4(Medium)

In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction i...

CWE-8622022

CVE-2019-15030

Vulnerability Description

Related Vulnerabilities

CVE-2020-0135

CVE-2020-10697

CVE-2020-27053

CVE-2020-28368

CVE-2021-0403

CVE-2022-20098