Showing 1 - 1 of 1

CVE-2015-2877

Status Candidate

Overview

** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.

Related Files

Cross-VM ASL INtrospection (CAIN): Posted Aug 6, 2015; Authored by Thomas R. Gross, Kaveh Razavi, Antonio Barresi, Mathias Payer; A new attack vector against memory de-duplication in Virtual Machine Monitors (VMM) was discovered where attackers can effectively leak randomized base addresses of libraries and executables in processes of neighboring Virtual Machines (VM).; tags | advisory; advisories | CVE-2015-2877; SHA-256 | 9e6b738d2e5eaffe490fd377d28c69a0a18083b0200b814f25bc8610ba712523; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
indoushka 139 files
Ubuntu 79 files
Gentoo 33 files
Debian 26 files
Sebastian Hamann 8 files
Jann Horn 7 files
Google Security Research 6 files
Moritz Abrell 6 files
Jaggar Henry 6 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,110)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,941)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,657)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,783)
UNIX (9,443)
UnixWare (187)
Windows (6,679)
Other

CVE-2015-2877

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems