[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CVE-2015-2877 -- linux-image

ID: oval:org.secpod.oval:def:2001683Date: (C)2020-09-23   (M)2024-03-25
Class: VULNERABILITYFamily: unix




** DISPUTED ** Kernel Samepage Merging in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Platform:
Debian 10.x
Debian 9.x
Product:
linux-image-4.9
linux-image-4.19
Reference:
CVE-2015-2877
CVE    1
CVE-2015-2877

© SecPod Technologies