PT-2019-1115 · Linux+5 · Linux Kernel+5

Publicado

2019-01-06

·

Atualizado

2025-09-29

·

CVE-2019-5489

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 4.19.13
Description: The issue is related to the mincore() function in the Linux kernel, which lacks protection of internal data. This could allow an attacker to disclose protected information by observing page cache access patterns of other processes on the same system. Limited remote exploitation may be possible, potentially allowing the sniffing of secret information. The vulnerability could be exploited to conduct a page-cache side-channel attack, enabling the attacker to view page-cache access patterns and access sensitive information.
Recommendations: For Linux kernel versions through 4.19.13, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to sensitive information and limiting the use of the mincore() function until a patch is available.

Exploit

Correção

Cleartext Transmission of Sensitive Information

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-319CWE-200

Identificadores relacionados

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2019-1046
ALT-PU-2019-1139
ALT-PU-2019-1433
BDU:2019-00067
CESA-2019_2029
CESA-2019_2473
CESA-2019_3309
CESA-2019_3517
CVE-2019-5489
DLA-1823-1
DLA-1824-1
DSA-4465-1
ELSA-2019-2029
ELSA-2019-2473
ELSA-2019-3517
ELSA-2019-4528
ELSA-2019-4541
ELSA-2023-12232
OPENSUSE-SU-2019:1479-1
OPENSUSE-SU-2019:1579-1
OPENSUSE-SU-2019_1479-1
OPENSUSE-SU-2019_1570-1
OPENSUSE-SU-2019_1579-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:2473
RHSA-2019:2808
RHSA-2019:2809
RHSA-2019:2837
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019:3967
RHSA-2019:4056
RHSA-2019:4057
RHSA-2019:4058
RHSA-2019:4159
RHSA-2019:4164
RHSA-2019:4255
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_2473
RHSA-2019_2808
RHSA-2019_3309
RHSA-2019_3517
RHSA-2020:0204
SUSE-SU-2019:14089-1
SUSE-SU-2019:1527-1
SUSE-SU-2019:1529-1
SUSE-SU-2019:1530-1
SUSE-SU-2019:1532-1
SUSE-SU-2019:1533-1
SUSE-SU-2019:1534-1
SUSE-SU-2019:1535-1
SUSE-SU-2019:1536-1
SUSE-SU-2019:1550-1
SUSE-SU-2019:1692-1
SUSE-SU-2019:2430-1
SUSE-SU-2019_14089-1
SUSE-SU-2019_1527-1
SUSE-SU-2019_1529-1
SUSE-SU-2019_1530-1
SUSE-SU-2019_1532-1
SUSE-SU-2019_1533-1
SUSE-SU-2019_1534-1
SUSE-SU-2019_1535-1
SUSE-SU-2019_1536-1
SUSE-SU-2019_1550-1
SUSE-SU-2019_1692-1
SUSE-SU-2019_2430-1

Produtos afetados

Alt Linux
Centos
Huawei Vrp
Linux Kernel
Red Hat
Suse