Bug 1931327 (CVE-2021-3714)

Summary: CVE-2021-3714 kernel: Remote Page Deduplication Attacks
Product: [Other] Security Response
Reporter: Wade Mealing <wmealing>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: aarcange, acaringi, adscvr, airlied, alciregi, aquini, bhu, bmasney, bskeggs, carnil, chwhite, crwood, ddutile, dvlasenk, hdegoede, hkrzesin, hpa, jarod, jarodwilson, jburrell, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jwboyer, jwyatt, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, liwan, lzampier, masami256, mchehab, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, scweaver, security-response-team, steved, vkumar, vsroka, walters, williams, zhijwang
Target Milestone: ---
Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Doc Text:
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged.
Last Closed: 2023-06-26 12:45:09 UTC
Bug Depends On: 2024000, 2024001, 2024002, 2024003, 2024469, 2024470, 2024471, 2024472, 2024473, 2024474, 2024475, 2024476, 2024477, 2024478, 2024479, 2024480, 2024481, 2024482, 2024483, 2024484, 2024485, 2024486, 2024487, 2024488, 2029650, 2070414, 2089896, 2089897, 2089898, 2089899    
Bug Blocks: 1927328    

Description Wade Mealing 2021-02-22 07:31:19 UTC
A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged. This attack can leak targeted information if an attacker is willing to write an exploit for the services running.

Comment 15 Rohit Keshri 2022-03-31 06:38:51 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2070414]

Comment 16 Salvatore Bonaccorso 2022-04-02 19:02:16 UTC
Is there any public information available on this flaw? I would like to track the correct status for the kernel in Debian, but fail to find information on this issue. Is this fixed upstream? What are the upstream commit(s)?

Comment 17 Wade Mealing 2022-04-07 05:36:52 UTC
This is currently not fixed upstream.  I'm no longer doing incident response, so CC'ing rkeshri for further details.

Comment 18 Rohit Keshri 2022-05-10 17:41:58 UTC
In reply to comment #16:
> Is there any public information available on this flaw? I would like to
> track the correct status for the kernel in Debian, but fail to find
> information on this issue. Is this fixed upstream? What are the upstream
> commit(s)?

Hello Carnil, https://arxiv.org/pdf/2111.08553.pdf is for reference. Thanks.

Comment 19 Salvatore Bonaccorso 2022-05-10 18:52:49 UTC
(In reply to Rohit Keshri from comment #18)
> In reply to comment #16:
> > Is there any public information available on this flaw? I would like to
> > track the correct status for the kernel in Debian, but fail to find
> > information on this issue. Is this fixed upstream? What are the upstream
> > commit(s)?
> 
> Hello Carnil, https://arxiv.org/pdf/2111.08553.pdf is for reference. Thanks.

Thank you!