Bug 1931327 (CVE-2021-3714)
Summary: | CVE-2021-3714 kernel: Remote Page Deduplication Attacks | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Wade Mealing <wmealing> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | aarcange, acaringi, adscvr, airlied, alciregi, aquini, bhu, bmasney, bskeggs, carnil, chwhite, crwood, ddutile, dvlasenk, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, liwan, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, scweaver, security-response-team, steved, vkumar, vsroka, walters, williams, zhijwang |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2023-06-26 12:45:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2024000, 2024001, 2024002, 2024003, 2024469, 2024470, 2024471, 2024472, 2024473, 2024474, 2024475, 2024476, 2024477, 2024478, 2024479, 2024480, 2024481, 2024482, 2024483, 2024484, 2024485, 2024486, 2024487, 2024488, 2029650, 2070414, 2089896, 2089897, 2089898, 2089899 | ||
Bug Blocks: | 1927328 |
Description
Wade Mealing
2021-02-22 07:31:19 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2070414] Are there any public information available on this flaw? I would like to track the correct status for the kernel in Debian, but fail to find information on this issue. Is this fixed upstream? What are the upstream commit(s)? This is currently not fixed upstream. I'm no longer doing incident response, so CC'ing rkeshri for further details. In reply to comment #16: > Are there any public information available on this flaw? I would like to > track the correct status for the kernel in Debian, but fail to find > information on this issue. Is this fixed upstream? What are the upstream > commit(s)? Hello Carnil, https://arxiv.org/pdf/2111.08553.pdf is for reference. thanks (In reply to Rohit Keshri from comment #18) > In reply to comment #16: > > Are there any public information available on this flaw? I would like to > > track the correct status for the kernel in Debian, but fail to find > > information on this issue. Is this fixed upstream? What are the upstream > > commit(s)? > > Hello Carnil, https://arxiv.org/pdf/2111.08553.pdf is for reference. thanks Thank you! |