CVE-2015-2877 -- linux-imageID: oval:org.secpod.oval:def:2001683 | Date: (C)2020-09-23 (M)2024-03-25 |
Class: VULNERABILITY | Family: unix |
** DISPUTED ** Kernel Samepage Merging in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.
Platform: |
Debian 10.x |
Debian 9.x |
Product: |
linux-image-4.9 |
linux-image-4.19 |