Main Vulnerability Database SB2019010909

SB2019010909 - Information disclosure in Linux Kernel

Published: January 9, 2019

Security Bulletin ID SB2019010909

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2019-5489)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a flaw in the mincore() implementation in mm/mincore.c. A local attacker can observe page cache access patterns of other processes on the same system and sniff secret information.

Remediation

Install update from vendor's website.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/