Lucene search

Ubuntu.comUB:CVE-2024-0564

HistoryJan 30, 2024 - 12:00 a.m.

CVE-2024-0564

2024-01-3000:00:00

ubuntu.com

linux kernel

memory deduplication

ksm

side channel

page sharing

security flaw

vulnerability

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

A flaw was found in the Linux kernel’s memory deduplication mechanism. The
max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel
version 4.4.0-96.119, can create a side channel. When the attacker and the
victim share the same host and the default setting of KSM is “max page
sharing=256”, it is possible for the attacker to time the unmap to merge
with the victim’s page. The unmapping time depends on whether it merges
with the victim’s page and additional physical pages are created beyond the
KSM’s “max page share”. Through these operations, the attacker can leak the
victim’s page.

Bugs

Notes

Author	Note
	Priority reason: Requires attacker preparing an exact match of a page from the victim in the first place.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-aws-6.5< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.5	< any	UNKNOWN

Rows per page:

1-10 of 721

References

access.redhat.com/security/cve/CVE-2024-0564

launchpad.net/bugs/cve/CVE-2024-0564

link.springer.com/conference/wisa

nvd.nist.gov/vuln/detail/CVE-2024-0564

security-tracker.debian.org/tracker/CVE-2024-0564

wisa.or.kr/accepted

www.cve.org/CVERecord?id=CVE-2024-0564

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

Related for UB:CVE-2024-0564