CVE-2019-5489

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en

http://www.securityfocus.com/bid/106478

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2473

https://access.redhat.com/errata/RHSA-2019:2808

https://access.redhat.com/errata/RHSA-2019:2809

https://access.redhat.com/errata/RHSA-2019:2837

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2019:4056

https://access.redhat.com/errata/RHSA-2019:4057

https://access.redhat.com/errata/RHSA-2019:4058

https://access.redhat.com/errata/RHSA-2019:4159

https://access.redhat.com/errata/RHSA-2019:4164

https://access.redhat.com/errata/RHSA-2019:4255

https://access.redhat.com/errata/RHSA-2020:0204

https://arxiv.org/abs/1901.01161

https://bugzilla.suse.com/show_bug.cgi?id=1120843

https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://seclists.org/bugtraq/2019/Jun/26

https://security.netapp.com/advisory/ntap-20190307-0001/

https://www.debian.org/security/2019/dsa-4465

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

Details

Source: MITRE

Published: 2019-01-07

Updated: 2020-08-24

Type: CWE-319

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (61 total)

IDNameProductFamilySeverity
150662SUSE SLES11 Security Update : kernel (SUSE-SU-2019:14089-1)NessusSuSE Local Security Checks
high
145665CentOS 8 : kernel (CESA-2019:3517)NessusCentOS Local Security Checks
critical
138539Oracle Solaris Critical Patch Update : jul2020_SRU11_4_21_69_0NessusSolaris Local Security Checks
high
134387EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)NessusHuawei Local Security Checks
critical
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
133462Virtuozzo 7 : readykernel-patch (VZA-2019-085)NessusVirtuozzo Local Security Checks
high
133221RHEL 8 : kernel (RHSA-2020:0204)NessusRed Hat Local Security Checks
critical
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
132232RHEL 6 : kernel (RHSA-2019:4255)NessusRed Hat Local Security Checks
high
131981RHEL 7 : kernel (RHSA-2019:4164)NessusRed Hat Local Security Checks
high
131980RHEL 7 : kernel (RHSA-2019:4159)NessusRed Hat Local Security Checks
high
131719RHEL 6 : MRG (RHSA-2019:4057)NessusRed Hat Local Security Checks
high
131675RHEL 7 : kernel (RHSA-2019:4058)NessusRed Hat Local Security Checks
high
131530RHEL 6 : kernel (RHSA-2019:4056)NessusRed Hat Local Security Checks
high
131375RHEL 7 : kernel (RHSA-2019:3967)NessusRed Hat Local Security Checks
high
130547RHEL 8 : kernel (RHSA-2019:3517)NessusRed Hat Local Security Checks
critical
130526RHEL 8 : kernel-rt (RHSA-2019:3309)NessusRed Hat Local Security Checks
critical
129920NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)NessusNewStart CGSL Local Security Checks
medium
129900NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)NessusNewStart CGSL Local Security Checks
medium
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
129149RHEL 7 : kernel (RHSA-2019:2837)NessusRed Hat Local Security Checks
medium
129145RHEL 7 : kernel-alt (RHSA-2019:2809)NessusRed Hat Local Security Checks
high
128689NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)NessusNewStart CGSL Local Security Checks
high
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
medium
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
128032Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)NessusVirtuozzo Local Security Checks
high
127982Oracle Linux 6 : kernel (ELSA-2019-2473)NessusOracle Linux Local Security Checks
high
127919CentOS 6 : kernel (CESA-2019:2473)NessusCentOS Local Security Checks
high
127880Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)NessusScientific Linux Local Security Checks
high
127878RHEL 6 : kernel (RHSA-2019:2473)NessusRed Hat Local Security Checks
high
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
medium
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
medium
126240SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126045SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
126040openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126033openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126009Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125997SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125996SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125995SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125994SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125993SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125992SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125991SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125990SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125959Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125958Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125667openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)NessusSuSE Local Security Checks
high
125605Amazon Linux AMI : kernel (ALAS-2019-1214)NessusAmazon Linux Local Security Checks
high
125598Amazon Linux 2 : kernel (ALAS-2019-1214)NessusAmazon Linux Local Security Checks
high
124985EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)NessusHuawei Local Security Checks
high
124834EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)NessusHuawei Local Security Checks
high
124430EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)NessusHuawei Local Security Checks
high
124398EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)NessusHuawei Local Security Checks
high
123909EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)NessusHuawei Local Security Checks
high
123907EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)NessusHuawei Local Security Checks
medium
123630EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1156)NessusHuawei Local Security Checks
medium
122141Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)NessusOracle Linux Local Security Checks
high
121605OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)NessusOracleVM Local Security Checks
high
121566Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)NessusOracle Linux Local Security Checks
medium