Red Hat, Inc. Information for VU#935424

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability

Status

Affected

Vendor Statement

This issue affects the versions of the Linux Kernel as shipped with Red Hat
Enterprise Linux 4, 5, 6 and 7. Red Hat Product Security has rated this issue
as having Low security impact. Additionally, a workaround is available. A future
update may address this issue.

VMM layer: Deactivation of memory deduplication

Deactivating memory deduplication will effectively mitigate all attack vectors.
This measure unfortunately eliminates all the highly appreciated benefits of
memory deduplication, namely the increase of operational cost-effectiveness
through inter-VM memory sharing.

Deactivating memory deduplication is the simplest way to prevent exploitation
of this attack. However, this will cause an increase in the amount of memory
required and in some situations may adversely impact performance (e.g. due to
slower swap space being used). It is recommended that customers test this
workaround before using it in production.
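
The following check is an added example, not part of the vendor statement and not Red Hat's own tooling. It assumes the host's memory deduplication is Linux kernel samepage merging (KSM), which the page does not name, with its sysfs controls under /sys/kernel/mm/ksm; the function names and the KSM_DIR override are hypothetical. It reports whether the workaround is fully in effect, including the case where the scanner is stopped but previously merged pages are still shared.

```shell
#!/bin/sh
# Added example: audit KSM state on a hypervisor host (assumes Linux KSM).
# KSM_DIR can be overridden to run the logic against a constructed directory.
KSM_DIR="${KSM_DIR:-/sys/kernel/mm/ksm}"

# Print one counter from the KSM sysfs directory, or 0 if it is missing.
ksm_read() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

# Classify the host. Prints one word and returns:
#   0 = deduplication off and no merged pages remain
#   1 = deduplication running, or stopped with pages still merged
#   2 = KSM interface not present
ksm_audit() {
    dir="${1:-$KSM_DIR}"
    [ -r "$dir/run" ] || { echo "absent"; return 2; }
    run=$(ksm_read "$dir" run)
    sharing=$(ksm_read "$dir" pages_sharing)
    if [ "$run" = "1" ]; then
        echo "running"; return 1
    fi
    # run=0 stops the scanner but leaves already-merged pages shared;
    # run=2 stops it and unmerges them, so pages_sharing drops to 0.
    if [ "$sharing" -gt 0 ]; then
        echo "stopped-still-merged"; return 1
    fi
    echo "off"; return 0
}

# Stand-alone use: sh ksm_audit.sh --check
if [ "${1:-}" = "--check" ]; then
    ksm_audit
fi
```

A result of `stopped-still-merged` means deduplicated pages are still shared between guests; writing 2 to the `run` file (as root) unmerges them.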

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-2877

https://access.redhat.com/security/updates/classification/

Addendum

There are no additional comments at this time.
