Vulnerabilities > CVE-2024-0564 - Information Exposure Through Discrepancy vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/security/cve/CVE-2024-0564
- https://access.redhat.com/security/cve/CVE-2024-0564
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
- https://bugzilla.redhat.com/show_bug.cgi?id=2258514
- https://bugzilla.redhat.com/show_bug.cgi?id=2258514
- https://link.springer.com/conference/wisa
- https://link.springer.com/conference/wisa
- https://wisa.or.kr/accepted
- https://wisa.or.kr/accepted