CVE-2015-2877

Name: CVE-2015-2877
Creator: NVD / NIST
Published: 2017-03-03T11:59:00.147+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 3.3/10EPSS 0.94%

Last modified Jun 17, 2026

CVE-2015-2877 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities

Metrics

CVSS 3.1

3.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.94%

56.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.32, <= 4.20.15
Redhat	Enterprise Linux	4.0
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux	7.0

References

http://www.antoniobarresi.com/files/cain_advisory.txtTechnical Description, Third Party Advisory
http://www.kb.cert.org/vuls/id/935424Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/76256Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1252096Issue Tracking, Third Party Advisory
https://www.kb.cert.org/vuls/id/BGAR-A2CNKGThird Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/BLUU-9ZAHZHThird Party Advisory, US Government Resource
https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdfTechnical Description, Third Party Advisory
http://www.antoniobarresi.com/files/cain_advisory.txtTechnical Description, Third Party Advisory
http://www.kb.cert.org/vuls/id/935424Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/76256Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1252096Issue Tracking, Third Party Advisory
https://www.kb.cert.org/vuls/id/BGAR-A2CNKGThird Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/BLUU-9ZAHZHThird Party Advisory, US Government Resource
https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdfTechnical Description, Third Party Advisory

Timeline

Published: Mar 3, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-2877?

How severe is CVE-2015-2877?

CVE-2015-2877 has a CVSS score of 3.3/10 (LOW severity). The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2015-2877?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2877?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST