Bug 1664110 (CVE-2019-5489)

Summary: CVE-2019-5489 Kernel: page cache side channel attacks
Product: [Other] Security Response Reporter: Prasad Pandit <ppandit>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, aquini, bhu, blc, brdeoliv, ddumas, dhoward, dvlasenk, fhrbata, hkrzesin, hwkernel-mgr, iboverma, jforbes, jkacur, jkalliya, jross, jstancek, kernel-mgr, lgoncalv, matt, mcressma, mlangsdo, mmilgram, mvanderw, nmurray, plougher, rt-maint, rvrbovsk, williams, wmealing, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 13:21:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1664111, 1664196, 1664197, 1664198, 1664199, 1664200, 1664201, 1664202, 1664203, 1664204, 1666258, 1738875, 1738876, 1749334, 1749336, 1749337, 1759670, 1759671, 1759672, 1759673    
Bug Blocks: 1664107    

Description Prasad Pandit 2019-01-07 17:47:35 UTC 
A new software page cache side channel attack scenario was discovered
in operating systems that implement the very common 'page cache' caching mechanism. A page cache stores memory pages of running programs and/or libraries in use on a system to improve performance.

A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to :

- Reduce effectiveness of cryptographic strength by monitoring algorithmic behaviour.
- Infer access patterns of memory to determine code paths taken (ie, observe process execution patterns) 
- Exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.

Upstream patch:
----------------
  -> https://git.kernel.org/linus/574823bfab82d9d8fa47f422778043fbb4b4f50e

References:
-----------
  -> https://arxiv.org/abs/1901.01161
  -> https://www.openwall.com/lists/oss-security/2019/01/07/1
Comment 1 Prasad Pandit 2019-01-07 17:47:53 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1664111]
Comment 6 Justin M. Forbes 2019-03-28 12:20:26 UTC 
This was handled for Fedora with the 5.0 rebases.
Comment 7 Rafael Aquini 2019-05-15 17:19:25 UTC 
We need to hold on with this change for now, as the commit pointed as the fix was reverted  upstream:

commit 30bac164aca750892b93eef350439a0562a68647
Author: Linus Torvalds <torvalds>
Date:   Thu Jan 24 09:04:37 2019 +1300

    Revert "Change mincore() to count "mapped" pages rather than "cached" pages"
    
    This reverts commit 574823bfab82d9d8fa47f422778043fbb4b4f50e.




There's an upstream follow-up, recently integrated, but we still need to allow it a little bit more of soak time for a thorough assessment round:

commit 134fca9063ad4851de767d1768180e5dede9a881
Author: Jiri Kosina <jkosina>
Date:   Tue May 14 15:41:38 2019 -0700

    mm/mincore.c: make mincore() more conservative



I took the RHEL-related BZs, and I'll keep an eye for future changes in this regard.

-- Rafael
Comment 11 errata-xmlrpc 2019-08-06 12:04:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
Comment 12 errata-xmlrpc 2019-08-06 12:06:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
Comment 13 Product Security DevOps Team 2019-08-06 13:21:23 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5489
Comment 15 errata-xmlrpc 2019-08-13 14:59:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473
Comment 17 errata-xmlrpc 2019-09-19 05:19:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808
Comment 18 errata-xmlrpc 2019-09-20 10:53:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837
Comment 19 errata-xmlrpc 2019-09-20 11:54:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809
Comment 23 errata-xmlrpc 2019-11-05 20:35:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
Comment 24 errata-xmlrpc 2019-11-05 21:05:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
Comment 26 errata-xmlrpc 2019-11-26 11:52:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967
Comment 27 errata-xmlrpc 2019-12-03 08:07:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057
Comment 28 errata-xmlrpc 2019-12-03 08:11:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056
Comment 29 errata-xmlrpc 2019-12-03 08:25:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058
Comment 30 errata-xmlrpc 2019-12-10 11:52:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:4164 https://access.redhat.com/errata/RHSA-2019:4164
Comment 31 errata-xmlrpc 2019-12-10 11:58:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159
Comment 32 errata-xmlrpc 2019-12-17 09:38:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:4255 https://access.redhat.com/errata/RHSA-2019:4255
Comment 34 errata-xmlrpc 2020-01-22 21:26:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204