CVE-2015-2877: Sensitive Information Exposure in Kernel

Severity
3.3 LOW (NVD)
EPSS
0.1%
top 70.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 3
Latest update: May 13

Description

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclo

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

NVD | linux/linux_kernel | 2.6.32 | 4.20.15
debian | debian/linux

Also affects: Enterprise Linux 4.0, 5.0, 6.0, 7.0

🔴 Vulnerability Details (3)

GHSA
GHSA-4pm5-34cf-2v36: ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2 (2022-05-13)
OSV
CVE-2015-2877: ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2 (2017-03-03)
OSV
CVE-2015-2877: Kernel Samepage Merging (KSM) in the Linux kernel 2 (2017-03-03)

📋 Vendor Advisories (2)

Red Hat
Kernel: Cross-VM ASL INtrospection (CAIN) (2015-08-05)
Debian
CVE-2015-2877: linux - Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not pr... (2015)

🕵️ Threat Intelligence (2)

Unit42
Making Containers More Isolated: An Overview of Sandboxed Container Technologies (2019-06-06)
Unit42
Making Containers More Isolated: An Overview of Sandboxed Container Technologies (2019-06-06)

💬 Community (1)

Bugzilla
CVE-2015-2877 Kernel: Cross-VM ASL INtrospection (CAIN) (2015-08-10)