Home > Vulnerability Database > CVE-2019-5489

Mend.io Vulnerability Database

CVE-2019-5489

Good to know:

Date: January 7, 2019

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Language: C

Severity Score

5.5

Related Resources (37)

Url: https://access.redhat.com/errata/RHSA-2019:2029

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-5489

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Url: https://access.redhat.com/errata/RHSA-2019:4164

Url: https://access.redhat.com/errata/RHSA-2019:2043

Url: https://bugzilla.suse.com/show_bug.cgi?id=1120843

Url: https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Url: https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e

Url: https://seclists.org/bugtraq/2019/Jun/26

Url: https://www.debian.org/security/2019/dsa-4465

Url: https://access.redhat.com/errata/RHSA-2019:3309

Url: https://access.redhat.com/security/cve/CVE-2019-5489

Url: https://www.oracle.com/security-alerts/cpujul2020.html

Url: https://access.redhat.com/errata/RHSA-2019:3967

Url: https://access.redhat.com/errata/RHSA-2019:2837

Url: https://access.redhat.com/errata/RHSA-2019:2473

Url: https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/

Url: http://www.securityfocus.com/bid/106478

Url: https://access.redhat.com/errata/RHSA-2019:4057

Url: https://access.redhat.com/errata/RHSA-2019:4255

Url: https://security-tracker.debian.org/tracker/CVE-2019-5489

Url: https://access.redhat.com/errata/RHSA-2019:4058

Url: https://access.redhat.com/errata/RHSA-2019:4159

Url: https://access.redhat.com/errata/RHSA-2019:4056

Url: https://security.netapp.com/advisory/ntap-20190307-0001/

Url: https://access.redhat.com/errata/RHSA-2020:0204

Url: https://access.redhat.com/errata/RHSA-2019:2809

Url: https://access.redhat.com/errata/RHSA-2019:2808

Url: http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en

Url: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-5489

Url: https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

Url: https://access.redhat.com/errata/RHSA-2019:3517

Url: https://arxiv.org/abs/1901.01161

Url: https://www.mend.io/vulnerability-database/CVE-2019-5489

Severity Score

5.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Cleartext Transmission of Sensitive Information

CWE-319

Top Fix

Upgrade Version

Upgrade to version linux - 4.20.1.arch1-1;linux-yocto - 4.8.26+gitAUTOINC+1c60e003c7_27efc3ba68

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-5489

Good to know:

Date: January 7, 2019

Language: C

Severity Score

Related Resources (37)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?