Bug 1664110 (CVE-2019-5489) - CVE-2019-5489 Kernel: page cache side channel attacks
Summary: CVE-2019-5489 Kernel: page cache side channel attacks
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-5489
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1738875 1749334 1759671 1759672 1759673 1664111 1664196 1664197 1664198 1664199 1664200 1664201 1664202 1664203 1664204 1666258 1738876 1749336 1749337 1759670
Blocks: 1664107
TreeView+ depends on / blocked
 
Reported: 2019-01-07 17:47 UTC by Prasad J Pandit
Modified: 2019-12-03 08:25 UTC (History)
31 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.
Clone Of:
Environment:
Last Closed: 2019-08-06 13:21:23 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2029 None None None 2019-08-06 12:04:35 UTC
Red Hat Product Errata RHSA-2019:2043 None None None 2019-08-06 12:06:59 UTC
Red Hat Product Errata RHSA-2019:2473 None None None 2019-08-13 14:59:31 UTC
Red Hat Product Errata RHSA-2019:2808 None None None 2019-09-19 05:19:52 UTC
Red Hat Product Errata RHSA-2019:2809 None None None 2019-09-20 11:54:24 UTC
Red Hat Product Errata RHSA-2019:2837 None None None 2019-09-20 10:53:11 UTC
Red Hat Product Errata RHSA-2019:3309 None None None 2019-11-05 20:35:10 UTC
Red Hat Product Errata RHSA-2019:3517 None None None 2019-11-05 21:05:52 UTC
Red Hat Product Errata RHSA-2019:3967 None None None 2019-11-26 11:52:31 UTC
Red Hat Product Errata RHSA-2019:4056 None None None 2019-12-03 08:11:33 UTC
Red Hat Product Errata RHSA-2019:4057 None None None 2019-12-03 08:07:06 UTC
Red Hat Product Errata RHSA-2019:4058 None None None 2019-12-03 08:25:52 UTC

Description Prasad J Pandit 2019-01-07 17:47:35 UTC
A new software page cache side channel attack scenario was discovered
in operating systems that implement the very common 'page cache' caching mechanism. A page cache stores memory pages of running programs and/or libraries in use on a system to improve performance.

A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to :

- Reduce effectiveness of cryptographic strength by monitoring algorithmic behaviour.
- Infer access patterns of memory to determine code paths taken (ie, observe process execution patterns) 
- Exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.

Upstream patch:
----------------
  -> https://git.kernel.org/linus/574823bfab82d9d8fa47f422778043fbb4b4f50e

References:
-----------
  -> https://arxiv.org/abs/1901.01161
  -> https://www.openwall.com/lists/oss-security/2019/01/07/1

Comment 1 Prasad J Pandit 2019-01-07 17:47:53 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1664111]

Comment 6 Justin M. Forbes 2019-03-28 12:20:26 UTC
This was handled for Fedora with the 5.0 rebases.

Comment 7 Rafael Aquini 2019-05-15 17:19:25 UTC
We need to hold on with this change for now, as the commit pointed as the fix was reverted  upstream:

commit 30bac164aca750892b93eef350439a0562a68647
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Jan 24 09:04:37 2019 +1300

    Revert "Change mincore() to count "mapped" pages rather than "cached" pages"
    
    This reverts commit 574823bfab82d9d8fa47f422778043fbb4b4f50e.




There's an upstream follow-up, recently integrated, but we still need to allow it a little bit more of soak time for a thorough assessment round:

commit 134fca9063ad4851de767d1768180e5dede9a881
Author: Jiri Kosina <jkosina@suse.cz>
Date:   Tue May 14 15:41:38 2019 -0700

    mm/mincore.c: make mincore() more conservative



I took the RHEL-related BZs, and I'll keep an eye for future changes in this regard.

-- Rafael

Comment 11 errata-xmlrpc 2019-08-06 12:04:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029

Comment 12 errata-xmlrpc 2019-08-06 12:06:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043

Comment 13 Product Security DevOps Team 2019-08-06 13:21:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5489

Comment 15 errata-xmlrpc 2019-08-13 14:59:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473

Comment 17 errata-xmlrpc 2019-09-19 05:19:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808

Comment 18 errata-xmlrpc 2019-09-20 10:53:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837

Comment 19 errata-xmlrpc 2019-09-20 11:54:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809

Comment 23 errata-xmlrpc 2019-11-05 20:35:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309

Comment 24 errata-xmlrpc 2019-11-05 21:05:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517

Comment 26 errata-xmlrpc 2019-11-26 11:52:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967

Comment 27 errata-xmlrpc 2019-12-03 08:07:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057

Comment 28 errata-xmlrpc 2019-12-03 08:11:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056

Comment 29 errata-xmlrpc 2019-12-03 08:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058


Note You need to log in before you can comment on or make changes to this bug.