CVE-2021-3714: 
Linux Kernel vulnerability analysis and mitigation

A flaw was found in the Linux kernel's memory deduplication mechanism (CVE-2021-3714). Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The vulnerability allows attackers to exploit memory deduplication through networked services by uploading page-sized files and detecting changes in access time to determine if pages have been merged (Ubuntu Security, NVD).

The vulnerability exists in the kernel's memory deduplication feature known as KSM (Kernel Samepage Merging). An attacker can exploit this by uploading page-sized files and monitoring access time changes from networked services to determine if pages have been merged. The vulnerability has a CVSS 3.x Base Score of 5.9 (Medium) (Ubuntu Security).

This attack can leak targeted information if an attacker is willing to write an exploit for the running services. The vulnerability enables remote memory disclosure attacks, making it possible to disclose memory contents from a remote server by timing HTTP/1 and HTTP/2 network requests (Research Paper).

KSM can be disabled with the command 'echo 2 > /sys/kernel/mm/ksm/run'. However, this will deduplicate memory and may cause an OOM (Out Of Memory) situation (Ubuntu Security).