Rapid7 Vulnerability & Exploit Database

Oracle Solaris 11: CVE-2019-5489: Vulnerability in Kernel

Back to Search

Oracle Solaris 11: CVE-2019-5489: Vulnerability in Kernel

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

01/07/2019

Created

01/20/2021

Added

01/19/2021

Modified

11/17/2021

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Solution(s)

oracle-solaris-11-4-upgrade-value-consolidation-osnet-osnet-incorporation-11-4-11-4-21-0-1-69-2

References

https://attackerkb.com/topics/cve-2019-5489
106478
CVE - 2019-5489
DSA-4465
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:2473
RHSA-2019:2808
RHSA-2019:2809
RHSA-2019:2837
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019:3967
RHSA-2019:4056
RHSA-2019:4057
RHSA-2019:4058
RHSA-2019:4159
RHSA-2019:4164
RHSA-2019:4255
RHSA-2020:0204
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Oracle Solaris 11: CVE-2019-5489: Vulnerability in Kernel