CVE-2019-5489

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Published : 2019-01-07 17:29 Updated : 2019-05-31 12:29

2.1
CVSS Score More info
Score 2.1 / 10
2.1
Vendor Product Version URI
Linux Linux Kernel 4.19.13 cpe:/o:linux:linux_kernel:4.19.13
Netapp Active Iq Performance Analytics Services - cpe:/a:netapp:active_iq_performance_analytics_services:-
Netapp Element Software Management Node - cpe:/a:netapp:element_software_management_node:-
  1. Linux (1) Search CVE
    1. Linux Kernel (1) Search CVE
      1. 4.19.13
  2. Netapp (2) Search CVE
    1. Element Software Management Node (1) Search CVE
      1. -
    2. Active Iq Performance Analytics Services (1) Search CVE
      1. -

CWE

ID Name Description Links
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes