Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-5489

Disclosure Date: January 07, 2019
CVE-2019-5489 CVSS v3 Base Score: 5.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • linux,
  • netapp

Products

  • active iq performance analytics services -,
  • element software management node -,
  • linux kernel

References

Canonical
CVE-2019-5489 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489)
BID-106478 (http://www.securityfocus.com/bid/106478)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
DSA-4465 (https://www.debian.org/security/2019/dsa-4465)
[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html)
[debian-lts-announce] 20190618 [SECURITY] [DLA 1824-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
20190618 [SECURITY] [DSA 4465-1] linux security update (https://seclists.org/bugtraq/2019/Jun/26)
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2473
https://access.redhat.com/errata/RHSA-2019:2808
https://access.redhat.com/errata/RHSA-2019:2837
https://access.redhat.com/errata/RHSA-2019:2809
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2019:4057
https://access.redhat.com/errata/RHSA-2019:4056
https://access.redhat.com/errata/RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4164
https://access.redhat.com/errata/RHSA-2019:4255
https://access.redhat.com/errata/RHSA-2020:0204
https://security.netapp.com/advisory/ntap-20190307-0001
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
Miscellaneous
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache
https://bugzilla.suse.com/show_bug.cgi?id=1120843
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
https://arxiv.org/abs/1901.01161
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis