
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability was discovered in the Linux kernel's memory deduplication mechanism, specifically in the Kernel Samepage Merging (KSM) feature introduced in Linux kernel version 4.4.0-96.119. The vulnerability affects Linux kernel versions from 4.4.0-96.119 through 5.15.0-58. When KSM is enabled with its default setting of 'max page sharing=256', it creates a side channel that could allow an attacker to leak a victim's page content when both share the same host (NVD, Red Hat).
The vulnerability exists in the KSM's max page sharing mechanism. When an attacker and victim share the same host, the attacker can map 256 memory pages of the same content they want to learn about and wait. The timing of the unmap operation can reveal whether it merges with the victim's page, as additional physical pages are created beyond the KSM's max page share limit. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST and 5.3 (Medium) by Red Hat, with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).
The vulnerability could allow an attacker to leak the content of a victim's memory page through a timing side-channel attack. However, the practical impact is limited, because the attack succeeds only if the attacker prepares a page whose content (4096 bytes) exactly matches the target page (Red Hat).
The vulnerability can be mitigated by either disabling KSM altogether or modifying KSM's default settings for max_page_sharing, pages_to_scan, and sleep_millisecs in the virtualization host. These changes will make it more difficult for attackers to successfully execute the timing attack (Red Hat).
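One way to check a virtualization host against this mitigation, as an added example that is not from the original advisory or from Red Hat: the script reads the KSM tunables under /sys/kernel/mm/ksm and flags a running KSM that still uses the default max_page_sharing, or a stopped KSM that still holds merged pages. The function names, return codes and message strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the KSM tunables named in the mitigation.
# The directory is a parameter so the check can run against a constructed copy.

ksm_read() {   # $1 = KSM sysfs dir, $2 = tunable; prints the value or "absent"
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo absent; fi
}

ksm_audit() {  # returns 0 = nothing to review, 1 = review needed
    dir="${1:-/sys/kernel/mm/ksm}"
    if [ ! -d "$dir" ]; then
        echo "OK: no KSM sysfs directory at $dir (KSM not built in)"
        return 0
    fi
    run=$(ksm_read "$dir" run)
    mps=$(ksm_read "$dir" max_page_sharing)
    shared=$(ksm_read "$dir" pages_shared)
    echo "run=$run max_page_sharing=$mps pages_shared=$shared" \
         "pages_to_scan=$(ksm_read "$dir" pages_to_scan)" \
         "sleep_millisecs=$(ksm_read "$dir" sleep_millisecs)"
    case "$run" in
        1)  # ksmd is scanning and merging
            if [ "$mps" = 256 ]; then
                echo "REVIEW: KSM running with default max_page_sharing=256"
                return 1
            fi
            echo "NOTE: KSM running, max_page_sharing changed from default"
            return 0 ;;
        0)  # ksmd stopped, but pages merged earlier stay merged
            if [ "$shared" != 0 ] && [ "$shared" != absent ]; then
                echo "REVIEW: ksmd stopped but $shared pages still shared;" \
                     "write 2 to $dir/run to unmerge"
                return 1
            fi
            echo "OK: KSM stopped, no shared pages"
            return 0 ;;
        2)  echo "OK: KSM stopped and pages unmerged"
            return 0 ;;
        *)  echo "REVIEW: unexpected run value '$run'"
            return 1 ;;
    esac
}

# Audit only when a directory is given as the first argument,
# e.g. /sys/kernel/mm/ksm on the virtualization host.
if [ "$#" -gt 0 ]; then ksm_audit "$1"; fi
```

The script only reads the tunables; it prints pages_to_scan and sleep_millisecs for review without judging them, since the advisory names no target values.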
Security experts have assessed this vulnerability as having low practical impact. Red Hat has classified it as 'low severity' due to the complexity of exploitation and the requirement for specific conditions to be met. The vulnerability was initially presented at The 24th World Conference on Information Security Applications (WISA) 2023 (Red Hat, WISA).
Source: This report was generated using AI