Published: 30/01/2024 Updated: 08/02/2024

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the malicious user to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 8.0
redhat enterprise linux 9.0

DescriptionA flaw was found in the Linux kernel's memory deduplication mechanism The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 440-96119, can create a side channel When the attacker and the victim share the same host and the default setting of KSM is &quot;max page sharing=256&quot;, it is ...

CWE-203 https://access.redhat.com/security/cve/CVE-2024-0564 https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513 https://bugzilla.redhat.com/show_bug.cgi?id=2258514 https://link.springer.com/conference/wisa https://wisa.or.kr/accepted https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2024-0564

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-0564

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect