Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2015-2877
low Nessus Plugin ID 218782
Language:
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write- timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states Basically if you care about this attack vector, disable deduplication. Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities (CVE-2015-2877)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.Plugin Details
Severity: Low
ID: 218782
File Name: unpatched_CVE_2015_2877.nasl
Version: 1.1
Type: local
Agent: unix
Family: Misc.
Published: 3/4/2025
Updated: 3/4/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.2
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2015-2877
CVSS v3
Risk Factor: Low
Base Score: 3.3
Temporal Score: 2.9
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 8/5/2015
Reference Information
CVE: CVE-2015-2877