CVE-2019-5489

Impact:
Important
Public Date:
2019-01-06
CWE:
CWE-200
Bugzilla:
1664110: CVE-2019-5489 Kernel: page cache side channel attacks
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.

Find out more about CVE-2019-5489 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.1
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact Low
Availability Impact None

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 kernel-rt Affected
Red Hat Enterprise Linux 8 kernel Affected
Red Hat Enterprise Linux 8 kernel-rt Affected
Red Hat Enterprise Linux 7 kernel-alt Affected
Red Hat Enterprise Linux 7 kernel Affected
Red Hat Enterprise Linux 7 kernel-rt Affected
Red Hat Enterprise Linux 6 kernel Affected
Red Hat Enterprise Linux 5 kernel Affected
Last Modified