Описание
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-infra-legacy/trusty | not-affected | architectural limitation of KSM |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise | ignored | end of life |
| precise/esm | ignored | end of life |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was deferred |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-infra-legacy/trusty | not-affected | architectural limitation of KSM |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-infra-legacy/trusty | not-affected | architectural limitation of KSM |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of ESM support, was not-affected [architectural limitation of KSM] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | not-affected | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| esm-infra/xenial | not-affected | architectural limitation of KSM |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life, was ignored |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life, was needs-triage |
| precise/esm | ignored | end of life, was needs-triage |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life, was ignored |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | ignored | end of life |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was ignored [end of life, was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of life, was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was ignored [end of life, was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of life, was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was ignored [end of life, was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of life, was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | architectural limitation of KSM |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of ESM support, was not-affected [architectural limitation of KSM] |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | architectural limitation of KSM |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was ignored [abandoned] |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | not-affected | architectural limitation of KSM |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | DNE | |
| devel | not-affected | |
| esm-apps/xenial | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was deferred |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected |
Показывать по
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3
Связанные уязвимости
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x d ...
** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.
Уязвимость компонента Kernel Samepage Merging (KSM) операционной системы Linux, позволяющая нарушителю оказать влияние на конфиденциальность информации
EPSS
2.1 Low
CVSS2
3.3 Low
CVSS3