CVE-2019-5489

 

Published at: - 07-01-2019 06:29

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
• https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
• https://bugzilla.suse.com/show_bug.cgi?id=1120843
• https://arxiv.org/abs/1901.01161
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
• 106478-Third Party Advisory, VDB Entry
• https://security.netapp.com/advisory/ntap-20190307-0001/
• openSUSE-SU-2019:1479-
• DSA-4465-
• [debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update-
• [debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update-
• openSUSE-SU-2019:1570-
• 20190618 [SECURITY] [DSA 4465-1] linux security update-
• openSUSE-SU-2019:1579-
• RHSA-2019:2043-
• RHSA-2019:2029-
• RHSA-2019:2473-
• RHSA-2019:2808-
• RHSA-2019:2837-
• RHSA-2019:2809-
• RHSA-2019:3517-
• RHSA-2019:3309-
• RHSA-2019:3967-
• RHSA-2019:4056-
• RHSA-2019:4058-
• RHSA-2019:4057-
• RHSA-2019:4164-
• RHSA-2019:4159-
• RHSA-2019:4255-
• http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
• RHSA-2020:0204-
• https://www.oracle.com/security-alerts/cpujul2020.html

 

Keywords

NVD

 

CVE-2019-5489

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures