Bug 1664110 (CVE-2019-5489) - CVE-2019-5489 Kernel: page cache side channel attacks
Summary: CVE-2019-5489 Kernel: page cache side channel attacks
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-5489
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1664111 1664196 1664197 1664198 1664199 1664200 1664201 1664202 1664203 1664204 1666258 1738875 1738876 1749334 1749336 1749337 1759670 1759671 1759672 1759673
Blocks: 1664107
TreeView+ depends on / blocked
 
Reported: 2019-01-07 17:47 UTC by Prasad Pandit
Modified: 2023-03-24 14:28 UTC (History)
31 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.
Clone Of:
Environment:
Last Closed: 2019-08-06 13:21:23 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:2029 0 None None None 2019-08-06 12:04:35 UTC
Red Hat Product Errata RHSA-2019:2043 0 None None None 2019-08-06 12:06:59 UTC
Red Hat Product Errata RHSA-2019:2473 0 None None None 2019-08-13 14:59:31 UTC
Red Hat Product Errata RHSA-2019:2808 0 None None None 2019-09-19 05:19:52 UTC
Red Hat Product Errata RHSA-2019:2809 0 None None None 2019-09-20 11:54:24 UTC
Red Hat Product Errata RHSA-2019:2837 0 None None None 2019-09-20 10:53:11 UTC
Red Hat Product Errata RHSA-2019:3309 0 None None None 2019-11-05 20:35:10 UTC
Red Hat Product Errata RHSA-2019:3517 0 None None None 2019-11-05 21:05:52 UTC
Red Hat Product Errata RHSA-2019:3967 0 None None None 2019-11-26 11:52:31 UTC
Red Hat Product Errata RHSA-2019:4056 0 None None None 2019-12-03 08:11:33 UTC
Red Hat Product Errata RHSA-2019:4057 0 None None None 2019-12-03 08:07:06 UTC
Red Hat Product Errata RHSA-2019:4058 0 None None None 2019-12-03 08:25:52 UTC
Red Hat Product Errata RHSA-2019:4159 0 None None None 2019-12-10 11:58:44 UTC
Red Hat Product Errata RHSA-2019:4164 0 None None None 2019-12-10 11:52:24 UTC
Red Hat Product Errata RHSA-2019:4255 0 None None None 2019-12-17 09:38:31 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:24:49 UTC

Description Prasad Pandit 2019-01-07 17:47:35 UTC
A new software page cache side channel attack scenario was discovered
in operating systems that implement the very common 'page cache' caching mechanism. A page cache stores memory pages of running programs and/or libraries in use on a system to improve performance.

A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to :

- Reduce effectiveness of cryptographic strength by monitoring algorithmic behaviour.
- Infer access patterns of memory to determine code paths taken (ie, observe process execution patterns) 
- Exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.

Upstream patch:
----------------
  -> https://git.kernel.org/linus/574823bfab82d9d8fa47f422778043fbb4b4f50e

References:
-----------
  -> https://arxiv.org/abs/1901.01161
  -> https://www.openwall.com/lists/oss-security/2019/01/07/1

Comment 1 Prasad Pandit 2019-01-07 17:47:53 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1664111]

Comment 6 Justin M. Forbes 2019-03-28 12:20:26 UTC
This was handled for Fedora with the 5.0 rebases.

Comment 7 Rafael Aquini 2019-05-15 17:19:25 UTC
We need to hold on with this change for now, as the commit pointed as the fix was reverted  upstream:

commit 30bac164aca750892b93eef350439a0562a68647
Author: Linus Torvalds <torvalds>
Date:   Thu Jan 24 09:04:37 2019 +1300

    Revert "Change mincore() to count "mapped" pages rather than "cached" pages"
    
    This reverts commit 574823bfab82d9d8fa47f422778043fbb4b4f50e.




There's an upstream follow-up, recently integrated, but we still need to allow it a little bit more of soak time for a thorough assessment round:

commit 134fca9063ad4851de767d1768180e5dede9a881
Author: Jiri Kosina <jkosina>
Date:   Tue May 14 15:41:38 2019 -0700

    mm/mincore.c: make mincore() more conservative



I took the RHEL-related BZs, and I'll keep an eye for future changes in this regard.

-- Rafael

Comment 11 errata-xmlrpc 2019-08-06 12:04:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029

Comment 12 errata-xmlrpc 2019-08-06 12:06:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043

Comment 13 Product Security DevOps Team 2019-08-06 13:21:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-5489

Comment 15 errata-xmlrpc 2019-08-13 14:59:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:2473 https://access.redhat.com/errata/RHSA-2019:2473

Comment 17 errata-xmlrpc 2019-09-19 05:19:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5 Extended Lifecycle Support

Via RHSA-2019:2808 https://access.redhat.com/errata/RHSA-2019:2808

Comment 18 errata-xmlrpc 2019-09-20 10:53:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:2837 https://access.redhat.com/errata/RHSA-2019:2837

Comment 19 errata-xmlrpc 2019-09-20 11:54:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:2809

Comment 23 errata-xmlrpc 2019-11-05 20:35:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309

Comment 24 errata-xmlrpc 2019-11-05 21:05:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517

Comment 26 errata-xmlrpc 2019-11-26 11:52:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967

Comment 27 errata-xmlrpc 2019-12-03 08:07:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2019:4057 https://access.redhat.com/errata/RHSA-2019:4057

Comment 28 errata-xmlrpc 2019-12-03 08:11:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.5 Advanced Update Support

Via RHSA-2019:4056 https://access.redhat.com/errata/RHSA-2019:4056

Comment 29 errata-xmlrpc 2019-12-03 08:25:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058

Comment 30 errata-xmlrpc 2019-12-10 11:52:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Telco Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions

Via RHSA-2019:4164 https://access.redhat.com/errata/RHSA-2019:4164

Comment 31 errata-xmlrpc 2019-12-10 11:58:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Telco Extended Update Support
  Red Hat Enterprise Linux 7.3 Advanced Update Support
  Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions

Via RHSA-2019:4159 https://access.redhat.com/errata/RHSA-2019:4159

Comment 32 errata-xmlrpc 2019-12-17 09:38:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.6 Advanced Update Support

Via RHSA-2019:4255 https://access.redhat.com/errata/RHSA-2019:4255

Comment 34 errata-xmlrpc 2020-01-22 21:26:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204


Note You need to log in before you can comment on or make changes to this bug.