CVE-2019-5489

MEDIUM

Linux Kernel < 4.19.13 - Information Disclosure via mincore() Page Cache Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5489. PoCs published by mmxsrup.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2019-5489, demonstrating a page cache side-channel attack to establish a covert channel between two processes on Linux kernels before 5.0. The PoC includes sender and receiver processes that transmit data via page cache state manipulation.

Description

The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.

Exploits (1)

nomisec WORKING POC 9 stars

by mmxsrup · poc

https://github.com/mmxsrup/CVE-2019-5489

View Code ZIP pw:eip

This repository contains a proof-of-concept for CVE-2019-5489, demonstrating a page cache side-channel attack to establish a covert channel between two processes on Linux kernels before 5.0. The PoC includes sender and receiver processes that transmit data via page cache state manipulation.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Complex

Reliability

Reliable

Target: Linux Kernel < 5.0

No auth needed

Prerequisites: Linux Kernel < 5.0 · Swap space disabled · Access to execute binaries on the target system

MITRE ATT&CK

T1055 - Process Injection T1027 - Obfuscated Files or Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (32)

Core 32

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106478

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2019/dsa-4465

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Mailing List mailing-list x_refsource_bugtraq

https://seclists.org/bugtraq/2019/Jun/26

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html