How severe is CVE-2024-0564?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-0564?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2024-0564 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.

Related Vulnerabilities

CVE-2014-9720

MEDIUM

CVSS:6.5(Medium)

Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determin...

CWE-2032014

CVE-2018-10919

MEDIUM

CVSS:6.5(Medium)

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential ...

CWE-2032018

CVE-2019-13456

MEDIUM

CVSS:6.5(Medium)

In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks info...

CWE-2032019

CVE-2020-6400

MEDIUM

CVSS:6.5(Medium)

Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2020-6473

MEDIUM

CVSS:6.5(Medium)

Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CWE-2032020

CVE-2021-0086

MEDIUM

CVSS:6.5(Medium)

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CWE-2032021