The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.
Weakness
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 4.19.13 (including) |
| Red Hat Enterprise Linux 5 Extended Lifecycle Support | RedHat | kernel-0:2.6.18-439.el5 | * |
| Red Hat Enterprise Linux 6 | RedHat | kernel-0:2.6.32-754.18.2.el6 | * |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | RedHat | kernel-0:2.6.32-431.97.1.el6 | * |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | RedHat | kernel-0:2.6.32-504.82.1.el6 | * |
| Red Hat Enterprise Linux 7 | RedHat | kernel-rt-0:3.10.0-1062.rt56.1022.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | kernel-0:3.10.0-1062.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | kernel-alt-0:4.14.0-115.12.1.el7a | * |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | RedHat | kernel-0:3.10.0-327.83.1.el7 | * |
| Red Hat Enterprise Linux 7.2 Telco Extended Update Support | RedHat | kernel-0:3.10.0-327.83.1.el7 | * |
| Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions | RedHat | kernel-0:3.10.0-327.83.1.el7 | * |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | RedHat | kernel-0:3.10.0-514.71.1.el7 | * |
| Red Hat Enterprise Linux 7.3 Telco Extended Update Support | RedHat | kernel-0:3.10.0-514.71.1.el7 | * |
| Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions | RedHat | kernel-0:3.10.0-514.71.1.el7 | * |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | RedHat | kernel-0:3.10.0-693.61.1.el7 | * |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | RedHat | kernel-0:3.10.0-693.61.1.el7 | * |
| Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions | RedHat | kernel-0:3.10.0-693.61.1.el7 | * |
| Red Hat Enterprise Linux 7.5 Extended Update Support | RedHat | kernel-0:3.10.0-862.44.2.el7 | * |
| Red Hat Enterprise Linux 7.6 Extended Update Support | RedHat | kernel-0:3.10.0-957.35.1.el7 | * |
| Red Hat Enterprise Linux 8 | RedHat | kernel-rt-0:4.18.0-147.rt24.93.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-147.el8 | * |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | RedHat | kernel-0:4.18.0-80.15.1.el8_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | kernel-rt-1:3.10.0-693.61.1.rt56.656.el6rt | * |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | RedHat | kernel-0:3.10.0-957.35.1.el7 | * |
| Linux | Ubuntu | bionic | * |
| Linux | Ubuntu | cosmic | * |
| Linux | Ubuntu | disco | * |
| Linux | Ubuntu | esm-infra-legacy/trusty | * |
| Linux | Ubuntu | esm-infra/bionic | * |
| Linux | Ubuntu | esm-infra/xenial | * |
| Linux | Ubuntu | precise/esm | * |
| Linux | Ubuntu | trusty | * |
| Linux | Ubuntu | trusty/esm | * |
| Linux | Ubuntu | upstream | * |
| Linux | Ubuntu | xenial | * |
| Linux-aws | Ubuntu | bionic | * |
| Linux-aws | Ubuntu | cosmic | * |
| Linux-aws | Ubuntu | disco | * |
| Linux-aws | Ubuntu | esm-infra-legacy/trusty | * |
| Linux-aws | Ubuntu | esm-infra/bionic | * |
| Linux-aws | Ubuntu | esm-infra/xenial | * |
| Linux-aws | Ubuntu | trusty | * |
| Linux-aws | Ubuntu | trusty/esm | * |
| Linux-aws | Ubuntu | upstream | * |
| Linux-aws | Ubuntu | xenial | * |
| Linux-aws-5.0 | Ubuntu | upstream | * |
| Linux-aws-5.15 | Ubuntu | upstream | * |
| Linux-aws-5.4 | Ubuntu | upstream | * |
| Linux-aws-6.14 | Ubuntu | upstream | * |
| Linux-aws-6.8 | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | fips-updates/bionic | * |
| Linux-aws-fips | Ubuntu | fips/bionic | * |
| Linux-aws-fips | Ubuntu | trusty | * |
| Linux-aws-fips | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | xenial | * |
| Linux-aws-hwe | Ubuntu | esm-infra/xenial | * |
| Linux-aws-hwe | Ubuntu | upstream | * |
| Linux-aws-hwe | Ubuntu | xenial | * |
| Linux-azure | Ubuntu | bionic | * |
| Linux-azure | Ubuntu | cosmic | * |
| Linux-azure | Ubuntu | disco | * |
| Linux-azure | Ubuntu | esm-infra-legacy/trusty | * |
| Linux-azure | Ubuntu | esm-infra/bionic | * |
| Linux-azure | Ubuntu | esm-infra/xenial | * |
| Linux-azure | Ubuntu | trusty | * |
| Linux-azure | Ubuntu | trusty/esm | * |
| Linux-azure | Ubuntu | upstream | * |
| Linux-azure | Ubuntu | xenial | * |
| Linux-azure-4.15 | Ubuntu | upstream | * |
| Linux-azure-5.15 | Ubuntu | upstream | * |
| Linux-azure-5.3 | Ubuntu | upstream | * |
| Linux-azure-5.4 | Ubuntu | upstream | * |
| Linux-azure-6.11 | Ubuntu | upstream | * |
| Linux-azure-6.14 | Ubuntu | upstream | * |
| Linux-azure-6.8 | Ubuntu | upstream | * |
| Linux-azure-edge | Ubuntu | bionic | * |
| Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
| Linux-azure-edge | Ubuntu | upstream | * |
| Linux-azure-fde | Ubuntu | esm-infra/focal | * |
| Linux-azure-fde | Ubuntu | focal | * |
| Linux-azure-fde | Ubuntu | upstream | * |
| Linux-azure-fde-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-azure-fde-5.15 | Ubuntu | focal | * |
| Linux-azure-fde-5.15 | Ubuntu | upstream | * |
| Linux-azure-fde-6.14 | Ubuntu | upstream | * |
| Linux-azure-fde-6.8 | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | fips-updates/bionic | * |
| Linux-azure-fips | Ubuntu | fips/bionic | * |
| Linux-azure-fips | Ubuntu | trusty | * |
| Linux-azure-fips | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | xenial | * |
| Linux-azure-nvidia | Ubuntu | upstream | * |
| Linux-azure-nvidia-6.14 | Ubuntu | upstream | * |
| Linux-bluefield | Ubuntu | upstream | * |
| Linux-euclid | Ubuntu | upstream | * |
| Linux-euclid | Ubuntu | xenial | * |
| Linux-fips | Ubuntu | fips-updates/xenial | * |
| Linux-fips | Ubuntu | fips/bionic | * |
| Linux-fips | Ubuntu | fips/xenial | * |
| Linux-fips | Ubuntu | upstream | * |
| Linux-flo | Ubuntu | trusty | * |
| Linux-flo | Ubuntu | upstream | * |
| Linux-flo | Ubuntu | xenial | * |
| Linux-gcp | Ubuntu | bionic | * |
| Linux-gcp | Ubuntu | cosmic | * |
| Linux-gcp | Ubuntu | disco | * |
| Linux-gcp | Ubuntu | esm-infra/bionic | * |
| Linux-gcp | Ubuntu | esm-infra/xenial | * |
| Linux-gcp | Ubuntu | upstream | * |
| Linux-gcp | Ubuntu | xenial | * |
| Linux-gcp-4.15 | Ubuntu | upstream | * |
| Linux-gcp-5.15 | Ubuntu | upstream | * |
| Linux-gcp-5.3 | Ubuntu | upstream | * |
| Linux-gcp-5.4 | Ubuntu | upstream | * |
| Linux-gcp-6.11 | Ubuntu | upstream | * |
| Linux-gcp-6.14 | Ubuntu | upstream | * |
| Linux-gcp-6.8 | Ubuntu | upstream | * |
| Linux-gcp-edge | Ubuntu | bionic | * |
| Linux-gcp-edge | Ubuntu | esm-infra/bionic | * |
| Linux-gcp-edge | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | fips/bionic | * |
| Linux-gcp-fips | Ubuntu | trusty | * |
| Linux-gcp-fips | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | xenial | * |
| Linux-gke | Ubuntu | esm-infra/focal | * |
| Linux-gke | Ubuntu | focal | * |
| Linux-gke | Ubuntu | upstream | * |
| Linux-gke | Ubuntu | xenial | * |
| Linux-gke-4.15 | Ubuntu | bionic | * |
| Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
| Linux-gke-4.15 | Ubuntu | upstream | * |
| Linux-gke-5.0 | Ubuntu | bionic | * |
| Linux-gke-5.0 | Ubuntu | upstream | * |
| Linux-gkeop | Ubuntu | upstream | * |
| Linux-gkeop-5.15 | Ubuntu | upstream | * |
| Linux-goldfish | Ubuntu | trusty | * |
| Linux-goldfish | Ubuntu | upstream | * |
| Linux-goldfish | Ubuntu | xenial | * |
| Linux-grouper | Ubuntu | trusty | * |
| Linux-grouper | Ubuntu | upstream | * |
| Linux-hwe | Ubuntu | bionic | * |
| Linux-hwe | Ubuntu | esm-infra/bionic | * |
| Linux-hwe | Ubuntu | esm-infra/xenial | * |
| Linux-hwe | Ubuntu | upstream | * |
| Linux-hwe | Ubuntu | xenial | * |
| Linux-hwe-5.15 | Ubuntu | upstream | * |
| Linux-hwe-5.4 | Ubuntu | upstream | * |
| Linux-hwe-6.11 | Ubuntu | upstream | * |
| Linux-hwe-6.14 | Ubuntu | upstream | * |
| Linux-hwe-6.8 | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | bionic | * |
| Linux-hwe-edge | Ubuntu | esm-infra/bionic | * |
| Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
| Linux-hwe-edge | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | xenial | * |
| Linux-ibm | Ubuntu | upstream | * |
| Linux-ibm-5.15 | Ubuntu | upstream | * |
| Linux-ibm-5.4 | Ubuntu | upstream | * |
| Linux-ibm-6.8 | Ubuntu | upstream | * |
| Linux-intel | Ubuntu | upstream | * |
| Linux-intel-iot-realtime | Ubuntu | jammy | * |
| Linux-intel-iot-realtime | Ubuntu | upstream | * |
| Linux-intel-iotg | Ubuntu | upstream | * |
| Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
| Linux-iot | Ubuntu | upstream | * |
| Linux-kvm | Ubuntu | bionic | * |
| Linux-kvm | Ubuntu | cosmic | * |
| Linux-kvm | Ubuntu | disco | * |
| Linux-kvm | Ubuntu | esm-infra/bionic | * |
| Linux-kvm | Ubuntu | esm-infra/xenial | * |
| Linux-kvm | Ubuntu | upstream | * |
| Linux-kvm | Ubuntu | xenial | * |
| Linux-lowlatency | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.11 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
| Linux-lts-trusty | Ubuntu | precise/esm | * |
| Linux-lts-trusty | Ubuntu | upstream | * |
| Linux-lts-utopic | Ubuntu | trusty | * |
| Linux-lts-utopic | Ubuntu | trusty/esm | * |
| Linux-lts-utopic | Ubuntu | upstream | * |
| Linux-lts-vivid | Ubuntu | trusty | * |
| Linux-lts-vivid | Ubuntu | trusty/esm | * |
| Linux-lts-vivid | Ubuntu | upstream | * |
| Linux-lts-wily | Ubuntu | trusty | * |
| Linux-lts-wily | Ubuntu | trusty/esm | * |
| Linux-lts-wily | Ubuntu | upstream | * |
| Linux-lts-xenial | Ubuntu | esm-infra-legacy/trusty | * |
| Linux-lts-xenial | Ubuntu | trusty | * |
| Linux-lts-xenial | Ubuntu | trusty/esm | * |
| Linux-lts-xenial | Ubuntu | upstream | * |
| Linux-maguro | Ubuntu | trusty | * |
| Linux-maguro | Ubuntu | upstream | * |
| Linux-mako | Ubuntu | trusty | * |
| Linux-mako | Ubuntu | upstream | * |
| Linux-mako | Ubuntu | xenial | * |
| Linux-manta | Ubuntu | trusty | * |
| Linux-manta | Ubuntu | upstream | * |
| Linux-nvidia | Ubuntu | upstream | * |
| Linux-nvidia-6.11 | Ubuntu | upstream | * |
| Linux-nvidia-6.5 | Ubuntu | upstream | * |
| Linux-nvidia-6.8 | Ubuntu | upstream | * |
| Linux-nvidia-lowlatency | Ubuntu | upstream | * |
| Linux-nvidia-tegra | Ubuntu | upstream | * |
| Linux-nvidia-tegra-5.15 | Ubuntu | upstream | * |
| Linux-nvidia-tegra-igx | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | bionic | * |
| Linux-oem | Ubuntu | cosmic | * |
| Linux-oem | Ubuntu | disco | * |
| Linux-oem | Ubuntu | eoan | * |
| Linux-oem | Ubuntu | esm-infra/bionic | * |
| Linux-oem | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | xenial | * |
| Linux-oem-6.11 | Ubuntu | upstream | * |
| Linux-oem-6.14 | Ubuntu | upstream | * |
| Linux-oem-6.17 | Ubuntu | upstream | * |
| Linux-oem-6.8 | Ubuntu | upstream | * |
| Linux-oem-osp1 | Ubuntu | bionic | * |
| Linux-oem-osp1 | Ubuntu | disco | * |
| Linux-oem-osp1 | Ubuntu | eoan | * |
| Linux-oem-osp1 | Ubuntu | upstream | * |
| Linux-oracle | Ubuntu | bionic | * |
| Linux-oracle | Ubuntu | cosmic | * |
| Linux-oracle | Ubuntu | disco | * |
| Linux-oracle | Ubuntu | esm-infra/bionic | * |
| Linux-oracle | Ubuntu | esm-infra/xenial | * |
| Linux-oracle | Ubuntu | upstream | * |
| Linux-oracle | Ubuntu | xenial | * |
| Linux-oracle-5.0 | Ubuntu | upstream | * |
| Linux-oracle-5.15 | Ubuntu | upstream | * |
| Linux-oracle-5.4 | Ubuntu | upstream | * |
| Linux-oracle-6.14 | Ubuntu | upstream | * |
| Linux-oracle-6.8 | Ubuntu | upstream | * |
| Linux-raspi | Ubuntu | upstream | * |
| Linux-raspi-5.4 | Ubuntu | upstream | * |
| Linux-raspi-realtime | Ubuntu | noble | * |
| Linux-raspi-realtime | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | bionic | * |
| Linux-raspi2 | Ubuntu | cosmic | * |
| Linux-raspi2 | Ubuntu | disco | * |
| Linux-raspi2 | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | xenial | * |
| Linux-raspi2-5.3 | Ubuntu | upstream | * |
| Linux-realtime | Ubuntu | jammy | * |
| Linux-realtime | Ubuntu | upstream | * |
| Linux-realtime-6.14 | Ubuntu | upstream | * |
| Linux-realtime-6.8 | Ubuntu | upstream | * |
| Linux-riscv | Ubuntu | esm-infra/focal | * |
| Linux-riscv | Ubuntu | focal | * |
| Linux-riscv | Ubuntu | jammy | * |
| Linux-riscv | Ubuntu | upstream | * |
| Linux-riscv-5.15 | Ubuntu | upstream | * |
| Linux-riscv-6.14 | Ubuntu | upstream | * |
| Linux-riscv-6.8 | Ubuntu | upstream | * |
| Linux-snapdragon | Ubuntu | bionic | * |
| Linux-snapdragon | Ubuntu | disco | * |
| Linux-snapdragon | Ubuntu | upstream | * |
| Linux-snapdragon | Ubuntu | xenial | * |
| Linux-xilinx | Ubuntu | upstream | * |
| Linux-xilinx-zynqmp | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/102.html
- https://cwe.mitre.org/data/definitions/117.html
- https://cwe.mitre.org/data/definitions/383.html
- https://cwe.mitre.org/data/definitions/477.html
- https://cwe.mitre.org/data/definitions/65.html
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
- http://www.securityfocus.com/bid/106478
- https://access.redhat.com/errata/RHSA-2019:2029
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2473
- https://access.redhat.com/errata/RHSA-2019:2808
- https://access.redhat.com/errata/RHSA-2019:2809
- https://access.redhat.com/errata/RHSA-2019:2837
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4056
- https://access.redhat.com/errata/RHSA-2019:4057
- https://access.redhat.com/errata/RHSA-2019:4058
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2019:4164
- https://access.redhat.com/errata/RHSA-2019:4255
- https://access.redhat.com/errata/RHSA-2020:0204
- https://arxiv.org/abs/1901.01161
- https://bugzilla.suse.com/show_bug.cgi?id=1120843
- https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://security.netapp.com/advisory/ntap-20190307-0001/
- https://www.debian.org/security/2019/dsa-4465
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en
- http://www.securityfocus.com/bid/106478
- https://access.redhat.com/errata/RHSA-2019:2029
- https://access.redhat.com/errata/RHSA-2019:2043
- https://access.redhat.com/errata/RHSA-2019:2473
- https://access.redhat.com/errata/RHSA-2019:2808
- https://access.redhat.com/errata/RHSA-2019:2809
- https://access.redhat.com/errata/RHSA-2019:2837
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4056
- https://access.redhat.com/errata/RHSA-2019:4057
- https://access.redhat.com/errata/RHSA-2019:4058
- https://access.redhat.com/errata/RHSA-2019:4159
- https://access.redhat.com/errata/RHSA-2019:4164
- https://access.redhat.com/errata/RHSA-2019:4255
- https://access.redhat.com/errata/RHSA-2020:0204
- https://arxiv.org/abs/1901.01161
- https://bugzilla.suse.com/show_bug.cgi?id=1120843
- https://github.com/torvalds/linux/commit/574823bfab82d9d8fa47f422778043fbb4b4f50e
- https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://security.netapp.com/advisory/ntap-20190307-0001/
- https://www.debian.org/security/2019/dsa-4465
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.theregister.co.uk/2019/01/05/boffins_beat_page_cache/