CVE-2021-3714

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the Linux kernel's memory deduplication mechanism. This issue can be exploited via a local mechanism, and the same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged. The attack allows an attacker to determine the presence of specific data in memory, organize byte-by-byte leakage of memory contents, or determine the memory layout to bypass address space layout randomization (ASLR) protection. The attack can be conducted from a remote host using HTTP/1 and HTTP/2 protocols by analyzing changes in response times to sent requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.