CVE - CVE-2019-5489

CVE-ID
CVE-2019-5489	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:106478 URL:http://www.securityfocus.com/bid/106478 BUGTRAQ:20190618 [SECURITY] [DSA 4465-1] linux security update URL:https://seclists.org/bugtraq/2019/Jun/26 CONFIRM:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en URL:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en CONFIRM:https://security.netapp.com/advisory/ntap-20190307-0001/ URL:https://security.netapp.com/advisory/ntap-20190307-0001/ DEBIAN:DSA-4465 URL:https://www.debian.org/security/2019/dsa-4465 MISC:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e URL:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e MISC:https://arxiv.org/abs/1901.01161 URL:https://arxiv.org/abs/1901.01161 MISC:https://bugzilla.suse.com/show_bug.cgi?id=1120843 URL:https://bugzilla.suse.com/show_bug.cgi?id=1120843 MISC:https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e URL:https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MISC:https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ URL:https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ MLIST:[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html MLIST:[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html REDHAT:RHSA-2019:2029 URL:https://access.redhat.com/errata/RHSA-2019:2029 REDHAT:RHSA-2019:2043 URL:https://access.redhat.com/errata/RHSA-2019:2043 REDHAT:RHSA-2019:2473 URL:https://access.redhat.com/errata/RHSA-2019:2473 REDHAT:RHSA-2019:2808 URL:https://access.redhat.com/errata/RHSA-2019:2808 REDHAT:RHSA-2019:2809 URL:https://access.redhat.com/errata/RHSA-2019:2809 REDHAT:RHSA-2019:2837 URL:https://access.redhat.com/errata/RHSA-2019:2837 REDHAT:RHSA-2019:3309 URL:https://access.redhat.com/errata/RHSA-2019:3309 REDHAT:RHSA-2019:3517 URL:https://access.redhat.com/errata/RHSA-2019:3517 REDHAT:RHSA-2019:3967 URL:https://access.redhat.com/errata/RHSA-2019:3967 REDHAT:RHSA-2019:4056 URL:https://access.redhat.com/errata/RHSA-2019:4056 REDHAT:RHSA-2019:4057 URL:https://access.redhat.com/errata/RHSA-2019:4057 REDHAT:RHSA-2019:4058 URL:https://access.redhat.com/errata/RHSA-2019:4058 REDHAT:RHSA-2019:4159 URL:https://access.redhat.com/errata/RHSA-2019:4159 REDHAT:RHSA-2019:4164 URL:https://access.redhat.com/errata/RHSA-2019:4164 REDHAT:RHSA-2019:4255 URL:https://access.redhat.com/errata/RHSA-2019:4255 REDHAT:RHSA-2020:0204 URL:https://access.redhat.com/errata/RHSA-2020:0204 SUSE:openSUSE-SU-2019:1479 URL:http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html SUSE:openSUSE-SU-2019:1570 URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html SUSE:openSUSE-SU-2019:1579 URL:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
Assigning CNA
MITRE Corporation
Date Record Created
20190107	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190107)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)