Bug 1202680 - (CVE-2021-3714) VUL-0: CVE-2021-3714: kernel-source,kernel-source-rt,kernel-source-azure: Remote Page Deduplication Attacks
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
URL: https://smash.suse.de/issue/327734/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-3714:5.8:(AV:N...
Depends on:
Blocks:
Reported: 2022-08-24 09:33 UTC by Hu
Modified: 2023-03-02 15:31 UTC
CC: 8 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Hu 2022-08-24 09:33:25 UTC
rh#1931327

A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged. This attack can leak targeted information if an attacker is willing to write an exploit for the services running.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1931327
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714
https://www.cve.org/CVERecord?id=CVE-2021-3714
https://arxiv.org/pdf/2111.08553.pdf
https://access.redhat.com/security/cve/CVE-2021-3714
https://arxiv.org/abs/2111.08553
Comment 1 Jan Kara 2022-08-25 14:38:27 UTC
Honestly, I find this threat rather contrived, but looking at the paper they seem to have achieved rather interesting results with this. I'm not sure we can be doing anything about this in the kernel though. It is more about policies sysadmins decide to follow. Anyway, not my call to decide. Let me add Michal here. Michal, feel free to reassign to virtualization guys if they are a better fit. Thanks!
Comment 3 Michal Hocko 2022-08-26 08:52:20 UTC
Well, KSM is known to be unsafe for these reasons for quite some time. In general it is discouraged to enable it for any security sensitive applications.

Although we enable CONFIG_KSM, no pages are merged unless there is an explicit MADV_SHAREABLE.

As Jack pointed out, there is not much actionable from the kernel itself. We could disable CONFIG_KSM but that would cut also sensible usecases off.
Comment 7 Jan Kara 2022-10-12 16:30:52 UTC
Ping Claudio?
Comment 8 Claudio Fontana 2022-10-26 08:00:28 UTC
Hello, just disabling CONFIG_KSM is not currently possible,

we have major customers actively using it (BMW), despite our feedback on its drawbacks.

We should probably better inform customers about the security implications of using same page merging, due to these possible timing attacks,

but otherwise we should probably keep the feature, or start an activity with all our major customers collecting information on KSM usage with the goal of retiring it in the long term, it is not something that can be done without customer feedback.

Thanks,

Claudio
Comment 10 Petr Mladek 2022-11-16 15:28:56 UTC
Adding Dario into Cc who actively works on the qemu-ksm package.

Dario, do you know if we enable KSM on any product by default, please?
Comment 14 Dario Faggioli 2023-03-02 13:57:32 UTC
(In reply to Petr Mladek from comment #10)
> Adding Dario into Cc who actively works on the qemu-ksm package.
> 
> Dario, do you know if we enable KSM on any product by default, please?
>
As far as I know, it's not. In fact, we have a systemd service for that, and it's not being enabled in the various presets. And the kernel default should be "0", which means "stop ksmd from running but keep merged pages, must be changed to 1 to activate KSM"
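The two knobs that comments 3 and 14 refer to are the per-process opt-in via madvise(2) with MADV_MERGEABLE and the host-wide /sys/kernel/mm/ksm/run file (0 = ksmd stopped, merged pages kept; 1 = ksmd running; 2 = ksmd stopped and pages unmerged). The following program is an added example written for this page, not code from the bug report, SUSE or the kernel tree: it reports the host's ksm/run policy, opts two identical anonymous pages into KSM, and watches pages_sharing to show that nothing is merged unless both the region is opted in and run == 1. The sysfs paths and the meaning of the run values are taken from the kernel's Documentation/admin-guide/mm/ksm.rst; the helper names (parse_sysfs_long, read_sysfs_long, ksm_run_label, ksm_opt_in) are this example's own.

```c
// Added example (not from the bug report or the kernel project): check the
// host's KSM policy and opt an anonymous region into same-page merging.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define KSM_RUN_PATH     "/sys/kernel/mm/ksm/run"
#define KSM_SHARING_PATH "/sys/kernel/mm/ksm/pages_sharing"

/* Parse the text of a ksm sysfs file such as "0\n" or "1\n".
 * Returns -1 on empty or malformed input. */
static long parse_sysfs_long(const char *text) {
    if (text == NULL || *text == '\0') return -1;
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno != 0 || end == text) return -1;
    while (*end == '\n' || *end == ' ') end++;   /* tolerate trailing newline */
    if (*end != '\0') return -1;
    return v;
}

/* Read and parse a sysfs file; -1 when it is absent (e.g. CONFIG_KSM=n)
 * or unreadable. */
static long read_sysfs_long(const char *path) {
    char buf[64];
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_sysfs_long(buf);
}

/* Meaning of the /sys/kernel/mm/ksm/run values per the kernel's KSM admin guide. */
static const char *ksm_run_label(long run) {
    switch (run) {
    case 0:  return "0: ksmd stopped, already merged pages kept";
    case 1:  return "1: ksmd running, MADV_MERGEABLE regions are scanned";
    case 2:  return "2: ksmd stopped, merged pages unmerged";
    default: return "unavailable: KSM not built in or sysfs not readable";
    }
}

/* Opt a region into KSM. Returns 0 on success; -1 with errno == EINVAL on a
 * kernel without CONFIG_KSM. Opting in alone merges nothing: ksmd must run. */
static int ksm_opt_in(void *addr, size_t len) {
    return madvise(addr, len, MADV_MERGEABLE);
}

int main(void) {
    long page = sysconf(_SC_PAGESIZE);
    long run = read_sysfs_long(KSM_RUN_PATH);
    printf("%s = %s\n", KSM_RUN_PATH, ksm_run_label(run));

    /* Two anonymous pages with identical, non-zero content: the classic
     * merge candidate (zero pages are handled separately by KSM). */
    size_t len = 2 * (size_t)page;
    unsigned char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { perror("mmap"); return 1; }
    memset(buf, 0x41, len);

    if (ksm_opt_in(buf, len) != 0) {
        perror("madvise(MADV_MERGEABLE)");   /* EINVAL: no KSM in this kernel */
        return 1;
    }
    long before = read_sysfs_long(KSM_SHARING_PATH);
    sleep(2);   /* give ksmd a few scan rounds if run == 1 */
    long after = read_sysfs_long(KSM_SHARING_PATH);
    printf("pages_sharing before/after: %ld -> %ld (grows only if run == 1)\n",
           before, after);
    munmap(buf, len);
    return 0;
}
```

On a host where run is 0 (the kernel default Dario describes) pages_sharing stays flat even though the region was opted in, which is the state this bug is closed on; setting run to 1 is the policy decision that exposes co-located tenants to the timing channel in the description.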
Comment 15 Michal Hocko 2023-03-02 15:31:56 UTC
Thanks a lot Dario. I think that makes it INVALID/WONTFIX then. As stated in comment 3, KSM should be used with care. Disabling KSM would break legit usecases as well, and we do not enable this by default in our usual virtualization solutions, so there is nothing actionable.

I will leave out whether INVALID or WONTFIX is a better match in this context.