Bug 1664110 (CVE-2019-5489)
Summary: | CVE-2019-5489 Kernel: page cache side channel attacks | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Prasad Pandit <ppandit> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, aquini, bhu, blc, brdeoliv, ddumas, dhoward, dvlasenk, fhrbata, hkrzesin, hwkernel-mgr, iboverma, jforbes, jkacur, jkalliya, jross, jstancek, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, mmilgram, mvanderw, nmurray, plougher, rt-maint, rvrbovsk, williams, wmealing, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel. |
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-08-06 13:21:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1664111, 1664196, 1664197, 1664198, 1664199, 1664200, 1664201, 1664202, 1664203, 1664204, 1666258, 1738875, 1738876, 1749334, 1749336, 1749337, 1759670, 1759671, 1759672, 1759673 | ||
Bug Blocks: | 1664107 |
Description
Prasad Pandit
2019-01-07 17:47:35 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1664111]

This was handled for Fedora with the 5.0 rebases.

We need to hold on with this change for now, as the commit pointed as the fix was reverted upstream:

commit 30bac164aca750892b93eef350439a0562a68647
Author: Linus Torvalds <torvalds>
Date: Thu Jan 24 09:04:37 2019 +1300

    Revert "Change mincore() to count "mapped" pages rather than "cached" pages"

    This reverts commit 574823bfab82d9d8fa47f422778043fbb4b4f50e.

There's an upstream follow-up, recently integrated, but we still need to allow it a little bit more of soak time for a thorough assessment round:

commit 134fca9063ad4851de767d1768180e5dede9a881
Author: Jiri Kosina <jkosina>
Date: Tue May 14 15:41:38 2019 -0700

    mm/mincore.c: make mincore() more conservative

I took the RHEL-related BZs, and I'll keep an eye for future changes in this regard.

-- Rafael

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5489

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967

This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:4164 https://access.redhat.com/errata/RHSA-2019:4164

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:4255 https://access.redhat.com/errata/RHSA-2019:4255

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204