ASA-2019-00034 – OpenBSD: The mincore() system call can be used to observe memory access patterns of other processes


Allele Security Alert

ASA-2019-00034

Identifier(s)

ASA-2019-00034

Title

The mincore() system call can be used to observe memory access patterns of other processes

Vendor(s)

The OpenBSD Project

Product(s)

OpenBSD

Affected version(s)

OpenBSD 6.4 before errata 011
OpenBSD 6.3 before errata 028

Fixed version(s)

OpenBSD 6.4 errata 011
OpenBSD 6.3 errata 028

Proof of concept

Unknown

Description

The mincore() system call can be used to observe memory access patterns of other processes.

Technical details

Unknown

Credits

Unknown

Reference(s)

OpenBSD 6.4 Errata
https://www.openbsd.org/errata64.html

OpenBSD 6.3 Errata
https://www.openbsd.org/errata63.html

OpenBSD 6.4 errata 011, January 27, 2019:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.4/common/011_mincore.patch.sig

OpenBSD 6.3 errata 028, February 5, 2019:
https://ftp.openbsd.org/pub/OpenBSD/patches/6.3/common/028_mincore.patch.sig

OpenBSD Errata: January 27th, 2019 (mincore)
https://marc.info/?l=openbsd-announce&m=154853979005673&w=2

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 28, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.