CVE 2015-2877
** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.
Related bugs and status
CVE-2015-2877 (Candidate) is related to these bugs:
Bug #1484792: CVE-2015-2877
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1484792 | CVE-2015-2877 | linux (Ubuntu) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-fsl-imx51 (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-mvl-dove (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-ti-omap4 (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-ec2 (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux (Ubuntu Wily) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-ec2 (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-fsl-imx51 (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-backport-maverick (Ubuntu Wily) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-lts-backport-natty (Ubuntu Wily) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-mvl-dove (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-ti-omap4 (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux (Ubuntu Vivid) | Undecided | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-ec2 (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-fsl-imx51 (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-mvl-dove (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-ti-omap4 (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux (Ubuntu Trusty) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-ec2 (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-fsl-imx51 (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
1484792 | CVE-2015-2877 | linux-mvl-dove (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-ti-omap4 (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux (Ubuntu Precise) | Undecided | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-ec2 (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-fsl-imx51 (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-mvl-dove (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-ti-omap4 (Ubuntu Precise) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-lts-trusty (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-trusty (Ubuntu Precise) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-lts-trusty (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-trusty (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-trusty (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-armadaxp (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-armadaxp (Ubuntu Precise) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-armadaxp (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-armadaxp (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-armadaxp (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-goldfish (Ubuntu) | Low | New | ||
1484792 | CVE-2015-2877 | linux-goldfish (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-goldfish (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-goldfish (Ubuntu Vivid) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-goldfish (Ubuntu Wily) | Low | New | ||
1484792 | CVE-2015-2877 | linux-lts-saucy (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-saucy (Ubuntu Precise) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-lts-saucy (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-saucy (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-saucy (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-quantal (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-quantal (Ubuntu Precise) | Low | Won't Fix | ||
1484792 | CVE-2015-2877 | linux-lts-quantal (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-quantal (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-quantal (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-flo (Ubuntu) | Low | New | ||
1484792 | CVE-2015-2877 | linux-flo (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-flo (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-flo (Ubuntu Vivid) | Low | New | ||
1484792 | CVE-2015-2877 | linux-flo (Ubuntu Wily) | Low | New | ||
1484792 | CVE-2015-2877 | linux-lts-vivid (Ubuntu) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-vivid (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-vivid (Ubuntu Trusty) | Low | New | ||
1484792 | CVE-2015-2877 | linux-lts-vivid (Ubuntu Vivid) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-lts-vivid (Ubuntu Wily) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-mako (Ubuntu) | Low | New | ||
1484792 | CVE-2015-2877 | linux-mako (Ubuntu Precise) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-mako (Ubuntu Trusty) | Low | Invalid | ||
1484792 | CVE-2015-2877 | linux-mako (Ubuntu Vivid) | Low | New | ||
1484792 | CVE-2015-2877 | linux-mako (Ubuntu Wily) | Low | New |
See the
CVE page on Mitre.org
for more details.