Launchpad.net

CVE 2015-2877

** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Related bugs and status

CVE-2015-2877 (Candidate) is related to these bugs:

Bug #1484792: CVE-2015-2877

		In	Importance	Status
1484792	CVE-2015-2877	linux (Ubuntu)	Undecided	New
1484792	CVE-2015-2877	linux-fsl-imx51 (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-mvl-dove (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-backport-maverick (Ubuntu)	Undecided	New
1484792	CVE-2015-2877	linux-lts-backport-natty (Ubuntu)	Undecided	New
1484792	CVE-2015-2877	linux-ti-omap4 (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-ec2 (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux (Ubuntu Wily)	Undecided	New
1484792	CVE-2015-2877	linux-ec2 (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-fsl-imx51 (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-backport-maverick (Ubuntu Wily)	Undecided	New
1484792	CVE-2015-2877	linux-lts-backport-natty (Ubuntu Wily)	Undecided	New
1484792	CVE-2015-2877	linux-mvl-dove (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-ti-omap4 (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux (Ubuntu Vivid)	Undecided	Won't Fix
1484792	CVE-2015-2877	linux-ec2 (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-fsl-imx51 (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-backport-maverick (Ubuntu Vivid)	Undecided	New
1484792	CVE-2015-2877	linux-lts-backport-natty (Ubuntu Vivid)	Undecided	New
1484792	CVE-2015-2877	linux-mvl-dove (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-ti-omap4 (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux (Ubuntu Trusty)	Undecided	New
1484792	CVE-2015-2877	linux-ec2 (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-fsl-imx51 (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	New
1484792	CVE-2015-2877	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	New
1484792	CVE-2015-2877	linux-mvl-dove (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-ti-omap4 (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux (Ubuntu Precise)	Undecided	Won't Fix
1484792	CVE-2015-2877	linux-ec2 (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-fsl-imx51 (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1484792	CVE-2015-2877	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1484792	CVE-2015-2877	linux-mvl-dove (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-ti-omap4 (Ubuntu Precise)	Low	Won't Fix
1484792	CVE-2015-2877	linux-lts-trusty (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-trusty (Ubuntu Precise)	Low	Won't Fix
1484792	CVE-2015-2877	linux-lts-trusty (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-trusty (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-trusty (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-armadaxp (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-armadaxp (Ubuntu Precise)	Low	Won't Fix
1484792	CVE-2015-2877	linux-armadaxp (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-armadaxp (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-armadaxp (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-goldfish (Ubuntu)	Low	New
1484792	CVE-2015-2877	linux-goldfish (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-goldfish (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-goldfish (Ubuntu Vivid)	Low	Won't Fix
1484792	CVE-2015-2877	linux-goldfish (Ubuntu Wily)	Low	New
1484792	CVE-2015-2877	linux-lts-saucy (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-saucy (Ubuntu Precise)	Low	Won't Fix
1484792	CVE-2015-2877	linux-lts-saucy (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-saucy (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-saucy (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-quantal (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-quantal (Ubuntu Precise)	Low	Won't Fix
1484792	CVE-2015-2877	linux-lts-quantal (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-quantal (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-quantal (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-flo (Ubuntu)	Low	New
1484792	CVE-2015-2877	linux-flo (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-flo (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-flo (Ubuntu Vivid)	Low	New
1484792	CVE-2015-2877	linux-flo (Ubuntu Wily)	Low	New
1484792	CVE-2015-2877	linux-lts-vivid (Ubuntu)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-vivid (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-vivid (Ubuntu Trusty)	Low	New
1484792	CVE-2015-2877	linux-lts-vivid (Ubuntu Vivid)	Low	Invalid
1484792	CVE-2015-2877	linux-lts-vivid (Ubuntu Wily)	Low	Invalid
1484792	CVE-2015-2877	linux-mako (Ubuntu)	Low	New
1484792	CVE-2015-2877	linux-mako (Ubuntu Precise)	Low	Invalid
1484792	CVE-2015-2877	linux-mako (Ubuntu Trusty)	Low	Invalid
1484792	CVE-2015-2877	linux-mako (Ubuntu Vivid)	Low	New
1484792	CVE-2015-2877	linux-mako (Ubuntu Wily)	Low	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-2877

Related bugs and status

Related bugs

References