Executive Summary

Informations
NameCVE-2019-5489First vendor Publication2019-01-07
VendorCveLast vendor Modification2019-05-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score2.1Attack RangeLocal
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1
Os3160

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106478
BUGTRAQ https://seclists.org/bugtraq/2019/Jun/26
CONFIRM https://security.netapp.com/advisory/ntap-20190307-0001/
DEBIAN https://www.debian.org/security/2019/dsa-4465
MISC http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574...
https://arxiv.org/abs/1901.01161
https://bugzilla.suse.com/show_bug.cgi?id=1120843
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4...
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
MLIST https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2473
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
DateInformations
2019-08-14 12:10:44
  • Multiple Updates
2019-08-07 12:10:39
  • Multiple Updates
2019-07-02 15:40:11
  • Multiple Updates
2019-06-21 12:09:56
  • Multiple Updates
2019-06-19 12:10:10
  • Multiple Updates
2019-06-18 12:09:59
  • Multiple Updates
2019-06-15 12:10:41
  • Multiple Updates
2019-05-31 17:19:31
  • Multiple Updates
2019-04-24 12:08:50
  • Multiple Updates
2019-04-05 12:08:50
  • Multiple Updates
2019-03-21 21:19:23
  • Multiple Updates
2019-03-08 17:18:40
  • Multiple Updates
2019-02-16 12:09:08
  • Multiple Updates
2019-01-31 21:19:37
  • Multiple Updates
2019-01-09 17:18:52
  • Multiple Updates
2019-01-08 00:19:22
  • First insertion