A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A page cache stores memory pages of running programs and/or libraries in use on a system to improve performance. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to:

- Reduce effectiveness of cryptographic strength by monitoring algorithmic behaviour.
- Infer access patterns of memory to determine code paths taken (i.e., observe process execution patterns).
- Exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.

Upstream patch:
----------------
-> https://git.kernel.org/linus/574823bfab82d9d8fa47f422778043fbb4b4f50e

References:
-----------
-> https://arxiv.org/abs/1901.01161
-> https://www.openwall.com/lists/oss-security/2019/01/07/1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1664111]
This was handled for Fedora with the 5.0 rebases.
We need to hold on with this change for now, as the commit pointed to as the fix was reverted upstream:

commit 30bac164aca750892b93eef350439a0562a68647
Author: Linus Torvalds <torvalds>
Date:   Thu Jan 24 09:04:37 2019 +1300

    Revert "Change mincore() to count "mapped" pages rather than "cached" pages"

    This reverts commit 574823bfab82d9d8fa47f422778043fbb4b4f50e.

There's an upstream follow-up, recently integrated, but we still need to allow it a little bit more of soak time for a thorough assessment round:

commit 134fca9063ad4851de767d1768180e5dede9a881
Author: Jiri Kosina <jkosina>
Date:   Tue May 14 15:41:38 2019 -0700

    mm/mincore.c: make mincore() more conservative

I took the RHEL-related BZs, and I'll keep an eye out for future changes in this regard.

-- Rafael
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-5489
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Extended Lifecycle Support Via RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.5 Extended Update Support Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967
This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support; Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 7.4 Telco Extended Update Support. Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Telco Extended Update Support; Red Hat Enterprise Linux 7.2 Advanced Update Support; Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Via RHSA-2019:4164 https://access.redhat.com/errata/RHSA-2019:4164
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Telco Extended Update Support; Red Hat Enterprise Linux 7.3 Advanced Update Support; Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Via RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2019:4255 https://access.redhat.com/errata/RHSA-2019:4255
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204