CVE-2024-0564Observable Discrepancy in Kernel

CWE-203Observable DiscrepancyCWE-99Resource Injection6 documents6 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.0%
top 93.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelRedhat Enterprise Linux
Timeline
PublishedJan 30

Description

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are crea

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDlinux/linux_kernel4.4.0-96.1195.15.0-58

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-5m9g-m2vj-47r4: A flaw was found in the Linux kernel's memory deduplication mechanism2024-01-30
OSV
CVE-2024-0564: A flaw was found in the Linux kernel's memory deduplication mechanism2024-01-30
CVEList
Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication2024-01-30

📋Vendor Advisories

2
Red Hat
kernel: max page sharing of Kernel Samepage Merging (KSM) may cause memory deduplication2024-01-20
Debian
CVE-2024-0564: linux - A flaw was found in the Linux kernel's memory deduplication mechanism. The max p...2024
CVE-2024-0564 — Observable Discrepancy in Linux Kernel | cvebase