The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Netapp
  • Active Iq Performance Analytics Services
  • Element Software Management Node
Redhat
  • Enterprise Linux
  • Enterprise Mrg
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Extras Rt
  • Rhel Tus

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:active_iq_performance_analytics_services:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5 Extended Lifecycle Support
kernel-0:2.6.18-439.el5 cpe:/o:redhat:rhel_els:5 RHSA-2019:2808 2019-09-19T00:00:00Z
Red Hat Enterprise Linux 6
kernel-0:2.6.32-754.18.2.el6 cpe:/o:redhat:enterprise_linux:6 RHSA-2019:2473 2019-08-13T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.97.1.el6 cpe:/o:redhat:rhel_aus:6.5 RHSA-2019:4056 2019-12-03T00:00:00Z
Red Hat Enterprise Linux 6.6 Advanced Update Support
kernel-0:2.6.32-504.82.1.el6 cpe:/o:redhat:rhel_aus:6.6 RHSA-2019:4255 2019-12-17T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1062.rt56.1022.el7 cpe:/a:redhat:rhel_extras_rt:7 RHSA-2019:2043 2019-08-07T00:00:00Z
kernel-0:3.10.0-1062.el7 cpe:/o:redhat:enterprise_linux:7 RHSA-2019:2029 2019-08-06T00:00:00Z
kernel-alt-0:4.14.0-115.12.1.el7a cpe:/o:redhat:enterprise_linux:7 RHSA-2019:2809 2019-09-20T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.83.1.el7 cpe:/o:redhat:rhel_aus:7.2 RHSA-2019:4164 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.2 Telco Extended Update Support
kernel-0:3.10.0-327.83.1.el7 cpe:/o:redhat:rhel_tus:7.2 RHSA-2019:4164 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
kernel-0:3.10.0-327.83.1.el7 cpe:/o:redhat:rhel_e4s:7.2 RHSA-2019:4164 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.71.1.el7 cpe:/o:redhat:rhel_aus:7.3 RHSA-2019:4159 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.3 Telco Extended Update Support
kernel-0:3.10.0-514.71.1.el7 cpe:/o:redhat:rhel_tus:7.3 RHSA-2019:4159 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions
kernel-0:3.10.0-514.71.1.el7 cpe:/o:redhat:rhel_e4s:7.3 RHSA-2019:4159 2019-12-10T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
kernel-0:3.10.0-693.61.1.el7 cpe:/o:redhat:rhel_aus:7.4 RHSA-2019:4058 2019-12-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
kernel-0:3.10.0-693.61.1.el7 cpe:/o:redhat:rhel_tus:7.4 RHSA-2019:4058 2019-12-03T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
kernel-0:3.10.0-693.61.1.el7 cpe:/o:redhat:rhel_e4s:7.4 RHSA-2019:4058 2019-12-03T00:00:00Z
Red Hat Enterprise Linux 7.5 Extended Update Support
kernel-0:3.10.0-862.44.2.el7 cpe:/o:redhat:rhel_eus:7.5 RHSA-2019:3967 2019-11-26T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
kernel-0:3.10.0-957.35.1.el7 cpe:/o:redhat:rhel_eus:7.6 RHSA-2019:2837 2019-09-20T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-147.rt24.93.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2019:3309 2019-11-05T00:00:00Z
kernel-0:4.18.0-147.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2019:3517 2019-11-05T00:00:00Z
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
kernel-0:4.18.0-80.15.1.el8_0 cpe:/o:redhat:rhel_e4s:8.0 RHSA-2020:0204 2020-01-22T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-693.61.1.rt56.656.el6rt cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2019:4057 2019-12-03T00:00:00Z
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS
kernel-0:3.10.0-957.35.1.el7 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2019:2837 2019-09-20T00:00:00Z
References
Link Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html cve-icon cve-icon
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en cve-icon cve-icon
http://www.securityfocus.com/bid/106478 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2029 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2043 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2473 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2808 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2809 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:2837 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3309 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3517 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:3967 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4056 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4057 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4058 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4159 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4164 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2019:4255 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2020:0204 cve-icon cve-icon
https://arxiv.org/abs/1901.01161 cve-icon cve-icon
https://bugzilla.suse.com/show_bug.cgi?id=1120843 cve-icon cve-icon
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2019-5489 cve-icon
https://seclists.org/bugtraq/2019/Jun/26 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20190307-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2019-5489 cve-icon
https://www.debian.org/security/2019/dsa-4465 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2020.html cve-icon cve-icon
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/ cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-07T18:00:00

Updated: 2024-08-04T19:54:53.490Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5489

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-07T17:29:00.470

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-5489

cve-icon Redhat

Severity : Important

Publid Date: 2019-01-06T00:00:00Z

Links: CVE-2019-5489 - Bugzilla