CVE-2024-0564: Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication
First published: Mon Jan 15 2024(Updated: )
A flaw has been discovered in the Linux kernel memory deduplication mechanism. Previous research has shown that memory deduplication can be attacked by exploiting the Copy-on-Write (COW) mechanism. However, the max page sharing[1] of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create another side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", the attacker maps 256 memory of the same pages it wants to learn and waits. He can then time the unmap to see if it merges with the victim's page. The reason the unmapping time depends on whether it merges with the victim's page is that additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker leaks the victim's page. We have confirmed that the target Linux kernel versions are 4.4.0-96.119 through 5.15.0-58-generic, and we expect later versions to be possible. The research, titled "Exploiting Memory Page Management in KSM for Remote Memory Deduplication Attack," was presented at The 24th World Conference on Information Security Applications (WISA), 2023 [2] and will be published by Springer this year [3]. - Reference - [1] <a href="https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513">https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513</a> [2] <a href="https://wisa.or.kr/accepted">https://wisa.or.kr/accepted</a> [3] <a href="https://link.springer.com/conference/wisa">https://link.springer.com/conference/wisa</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| >=4.4.0-96.119<=5.15.0-58 | ||
| =8.0 | ||
| =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2024-0564
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513
- https://bugzilla.redhat.com/show_bug.cgi?id=2258514
- https://link.springer.com/conference/wisa
- https://wisa.or.kr/accepted
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2259410
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2258514#c8
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/softwarecombine
- agent/references
- agent/tags
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-0564
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/linux
- vendor/redhat