Allele Security Alert
ASA-2019-00004
Identifier(s)
ASA-2019-00004, CVE-2019-5489
Title
Page cache side channel attacks through mincore() system call
Vendor(s)
Linux foundation
Product(s)
Linux
Affected version(s)
All Linux versions released since 2.3.5
Fixed version(s)
Linux v5.0-rc1
Proof of concept
Unknown
Description
A flaw was found in the ability to misuse cache data to manipulate or understand application state to reveal algorithmic secrets that are intended to be privileged information.
Technical details
Unknown
Credits
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu and Anders Fogh
Reference(s)
New pagecache based sidechannel attack published
https://seclists.org/oss-sec/2019/q1/27
CVE-2019-5489 – Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2019-5489
Bug 1120843 – (CVE-2019-5489) VUL-0: CVE-2019-5489: kernel-source: new pagecache side-channel attack
https://bugzilla.suse.com/show_bug.cgi?id=1120843
Page Cache Attacks
https://arxiv.org/abs/1901.01161
Change mincore() to count “mapped” pages rather than “cached” pages
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
Change mincore() to count “mapped” pages rather than “cached” pages
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
CVE-2019-5489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489
CVE-2019-5489
https://nvd.nist.gov/vuln/detail/CVE-2019-5489
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: January 8, 2019