CVE-2019-5489

LOW

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en

http://www.securityfocus.com/bid/106478

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2473

https://access.redhat.com/errata/RHSA-2019:2808

https://access.redhat.com/errata/RHSA-2019:2809

https://access.redhat.com/errata/RHSA-2019:2837

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2019:4056

https://access.redhat.com/errata/RHSA-2019:4057

https://access.redhat.com/errata/RHSA-2019:4058

https://access.redhat.com/errata/RHSA-2019:4159

https://access.redhat.com/errata/RHSA-2019:4164

https://access.redhat.com/errata/RHSA-2019:4255

https://access.redhat.com/errata/RHSA-2020:0204

https://arxiv.org/abs/1901.01161

https://bugzilla.suse.com/show_bug.cgi?id=1120843

https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

https://seclists.org/bugtraq/2019/Jun/26

https://security.netapp.com/advisory/ntap-20190307-0001/

https://www.debian.org/security/2019/dsa-4465

https://www.oracle.com/security-alerts/cpujul2020.html

https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

Details

Source: MITRE

Published: 2019-01-07

Updated: 2020-08-24

Type: CWE-319

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (60 total)

IDNameProductFamilySeverity
145665CentOS 8 : kernel (CESA-2019:3517)NessusCentOS Local Security Checks
high
138539Oracle Solaris Critical Patch Update : jul2020_SRU11_4_21_69_0NessusSolaris Local Security Checks
medium
134387EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)NessusHuawei Local Security Checks
critical
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
133462Virtuozzo 7 : readykernel-patch (VZA-2019-085)NessusVirtuozzo Local Security Checks
medium
133221RHEL 8 : kernel (RHSA-2020:0204)NessusRed Hat Local Security Checks
critical
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
132232RHEL 6 : kernel (RHSA-2019:4255)NessusRed Hat Local Security Checks
high
131981RHEL 7 : kernel (RHSA-2019:4164)NessusRed Hat Local Security Checks
high
131980RHEL 7 : kernel (RHSA-2019:4159)NessusRed Hat Local Security Checks
high
131719RHEL 6 : MRG (RHSA-2019:4057)NessusRed Hat Local Security Checks
high
131675RHEL 7 : kernel (RHSA-2019:4058)NessusRed Hat Local Security Checks
high
131530RHEL 6 : kernel (RHSA-2019:4056)NessusRed Hat Local Security Checks
high
131375RHEL 7 : kernel (RHSA-2019:3967)NessusRed Hat Local Security Checks
high
130547RHEL 8 : kernel (RHSA-2019:3517)NessusRed Hat Local Security Checks
high
130526RHEL 8 : kernel-rt (RHSA-2019:3309)NessusRed Hat Local Security Checks
high
129920NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183)NessusNewStart CGSL Local Security Checks
high
129900NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180)NessusNewStart CGSL Local Security Checks
high
129284SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
129149RHEL 7 : kernel (RHSA-2019:2837)NessusRed Hat Local Security Checks
low
129145RHEL 7 : kernel-alt (RHSA-2019:2809)NessusRed Hat Local Security Checks
high
128689NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)NessusNewStart CGSL Local Security Checks
high
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
high
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
high
128032Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-067)NessusVirtuozzo Local Security Checks
high
127982Oracle Linux 6 : kernel (ELSA-2019-2473)NessusOracle Linux Local Security Checks
high
127919CentOS 6 : kernel (CESA-2019:2473)NessusCentOS Local Security Checks
high
127880Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190813)NessusScientific Linux Local Security Checks
high
127878RHEL 6 : kernel (RHSA-2019:2473)NessusRed Hat Local Security Checks
high
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
high
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
high
126240SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126045SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)NessusSuSE Local Security Checks
high
126040openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126033openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
126009Debian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125997SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1536-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125996SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125995SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125994SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125993SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125992SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125991SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125990SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)NessusSuSE Local Security Checks
high
125959Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125958Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)NessusDebian Local Security Checks
high
125667openSUSE Security Update : the Linux Kernel (openSUSE-2019-1479)NessusSuSE Local Security Checks
high
125605Amazon Linux AMI : kernel (ALAS-2019-1214)NessusAmazon Linux Local Security Checks
high
125598Amazon Linux 2 : kernel (ALAS-2019-1214)NessusAmazon Linux Local Security Checks
high
124985EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)NessusHuawei Local Security Checks
high
124834EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1512)NessusHuawei Local Security Checks
high
124430EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1303)NessusHuawei Local Security Checks
medium
124398EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302)NessusHuawei Local Security Checks
high
123909EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1223)NessusHuawei Local Security Checks
medium
123907EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)NessusHuawei Local Security Checks
low
123630EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1156)NessusHuawei Local Security Checks
high
122141Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4541)NessusOracle Linux Local Security Checks
high
121605OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)NessusOracleVM Local Security Checks
high
121566Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)NessusOracle Linux Local Security Checks
low