CVSS3 | 3.3 Low |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

CVSS2 | 2.1 Low |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |

EPSS | 0.001 Low |
---|---|
Percentile | 24.6% |

Multiple vendors’ implementations of Virtual Machine Monitors (VMM) are vulnerable to a memory deduplication attack.
As reported in the “Cross-VM ASL INtrospection (CAIN)” paper, an attacker with basic user rights within the attacking Virtual Machine (VM) can leverage memory deduplication within Virtual Machine Monitors (VMM). This effectively leaks the randomized base addresses of libraries and executables in the processes of neighboring VMs. Leaking the address-space layout of a process within a neighboring VM gives the attacker the potential to bypass ASLR.
A malicious attacker with only user rights within the attacking VM can reliably determine the base address of a process within a neighboring VM. This information can be used to develop a code-reuse or return oriented programming exploit for a known vulnerability in a target process. Attacking the target process is outside the scope of the CAIN attack…
Deactivation of memory deduplication is the only known way to completely defend against the CAIN attack.
See the CAIN paper for a list of other mitigations.
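A host-side check for the mitigation above, as an added example that is not part of the original advisory or of any vendor's tooling. It assumes a Linux/KVM host where deduplication is performed by KSM (kernel same-page merging, which the page does not name) and reads KSM's sysfs files `run` and `pages_sharing`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the KSM deduplication state of a Linux host.
# Assumption: deduplication is provided by KSM, exposed under
# /sys/kernel/mm/ksm. The directory is a parameter so the functions can
# also be pointed at a copy of those files.

# ksm_status [DIR] prints one of:
#   absent          no KSM sysfs directory (KSM not available)
#   enabled         run=1, ksmd is actively merging pages
#   stopped-merged  ksmd is stopped but already-merged pages are still
#                   shared, so deduplicated pages remain on the host
#   disabled        ksmd is stopped and no pages are shared
ksm_status() {
    dir=${1:-/sys/kernel/mm/ksm}
    [ -r "$dir/run" ] || { echo absent; return 0; }
    run=$(cat "$dir/run")
    sharing=0
    [ -r "$dir/pages_sharing" ] && sharing=$(cat "$dir/pages_sharing")
    case "$run" in
        1) echo enabled ;;
        0|2)
            if [ "$sharing" -gt 0 ]; then
                echo stopped-merged
            else
                echo disabled
            fi ;;
        *) echo unknown ;;
    esac
}

# ksm_disable [DIR]: write 2 to "run", which stops ksmd AND unmerges all
# currently shared pages. Writing 0 only stops ksmd and leaves existing
# merges in place. Requires root on a real host.
ksm_disable() {
    dir=${1:-/sys/kernel/mm/ksm}
    echo 2 > "$dir/run"
}

# Report the state of the local host when run directly.
ksm_status "${KSM_DIR:-/sys/kernel/mm/ksm}"
```

As the advisory notes for this workaround, unmerging increases memory use, so test it before applying it in production.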
935424
Notified: August 11, 2015 Updated: September 14, 2015
Affected
Basically if you care about this attack vector, disable deduplication.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 11, 2015 Updated: September 09, 2015
Affected
- Virtuozzo 6 (formerly Parallels Cloud Server 6) Virtual Machines are not affected since our hypervisor does not utilize page sharing.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 11, 2015 Updated: October 06, 2015
Statement Date: August 11, 2015
Affected
This issue affects the versions of the Linux Kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. Additionally a workaround is available. A future update may address this issue.
VMM layer: Deactivation of memory deduplication
Deactivating memory deduplication will effectively mitigate all attack vectors. This measure unfortunately eliminates all the highly appreciated benefits of memory deduplication, namely the increase of operational cost-effectiveness through inter-VM memory sharing.
Deactivating memory deduplication is the simplest way to prevent exploitation of this attack. However this will cause an increase in the amount of memory required and in some situations may adversely impact performance (e.g. due to slower swap space being used). It is recommended that customers test this workaround before using it in production.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 23, 2015 Updated: September 09, 2015
Statement Date: July 24, 2015
Not Affected
There is no impact…
We are not aware of further vendor information regarding this vulnerability.
Notified: July 12, 2015 Updated: September 14, 2015
Not Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: July 12, 2015 Updated: September 14, 2015
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Notified: August 11, 2015 Updated: October 06, 2015
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Updated: September 14, 2015
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 1.5 | AV:L/AC:M/Au:S/C:P/I:N/A:N |
Temporal | 1.4 | E:F/RL:W/RC:C |
Environmental | 1.0 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND |
<https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi>
Thanks to Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas R. Gross for reporting this vulnerability.
This document was written by Brian Gardiner.
CVE IDs: | CVE-2015-2877 |
---|---|
Date Public: | 2015-07-30 |
Date First Published: | |