Vulnerability Details CVE-2021-3714
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.8%
CVSS Severity
CVSS v3 Score 5.9
References
- https://access.redhat.com/security/cve/CVE-2021-3714
- https://arxiv.org/abs/2111.08553
- https://arxiv.org/pdf/2111.08553.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=1931327
- https://access.redhat.com/security/cve/CVE-2021-3714
- https://arxiv.org/abs/2111.08553
- https://arxiv.org/pdf/2111.08553.pdf
- https://bugzilla.redhat.com/show_bug.cgi?id=1931327
Products affected by CVE-2021-3714
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0