Cross-VM ASL INtrospection (CAIN) Attack: Exploiting Kernel Samepage Merging (KSM) Vulnerability

Cross-VM ASL INtrospection (CAIN) Attack: Exploiting Kernel Samepage Merging (KSM) Vulnerability

CVE-2015-2877 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.