How severe is CVE-2019-15031?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2019-15031?

This is classified as CWE-662, which is a common weakness in software security.

CVE-2019-15031 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.

Related Vulnerabilities

CVE-2018-4027

MEDIUM

CVSS:5.3(Medium)

An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially craft...

CWE-6622018

CVE-2021-30904

MEDIUM

CVSS:5.3(Medium)

A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage.

CWE-6622021

CVE-2020-12769

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

CWE-6622020

CVE-2021-46939

MEDIUM

CVSS:5.5(Medium)

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cau...

CWE-6622021

CVE-2018-25008

MEDIUM

CVSS:5.9(Medium)

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.

CWE-6622018

CVE-2020-36216

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.

CWE-6622020