CVE-2024-0564 MEDIUM

CVE-2024-0564: Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-203
Published January 30, 2024
Last update November 21, 2025

CVSS base score

5.3/10
Attack vector Adjacent
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and KSM uses its default setting of "max page sharing=256", the attacker can time the unmap operation to determine whether a page merged with the victim's page. The unmapping time depends on whether the page merges with the victim's page and whether additional physical pages are created beyond KSM's "max page share". Through these operations, the attacker can leak the victim's page.
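A host-side check for the preconditions named in the description, as an added example that is not part of the CVE record or any vendor tooling. It reads the standard KSM sysfs files; the function names and the optional directory argument (used to run the check against a constructed tree) are assumptions of this example.

```shell
# Added example: report whether KSM is merging pages on this host and which
# max_page_sharing value is in effect. Exit status 1 means merging is active,
# i.e. the shared-host precondition in the description is present.

ksm_val() {  # print one KSM sysfs value, or "absent" if the file is missing
    if [ -r "$1/$2" ]; then tr -d '[:space:]' < "$1/$2"; else printf absent; fi
}

ksm_audit() {
    dir=${1:-/sys/kernel/mm/ksm}   # real sysfs path unless a test tree is given
    if [ ! -d "$dir" ]; then
        echo "no-ksm: $dir missing, kernel has no KSM support"
        return 0
    fi
    run=$(ksm_val "$dir" run)
    max=$(ksm_val "$dir" max_page_sharing)
    shared=$(ksm_val "$dir" pages_shared)    # deduplicated physical pages in use
    sharing=$(ksm_val "$dir" pages_sharing)  # additional mappings onto those pages

    if [ "$run" != 1 ]; then
        # run=0: ksmd stopped; run=2: ksmd stopped and all merged pages unmerged
        echo "inactive: run=$run, ksmd is not merging pages"
        return 0
    fi
    echo "active: run=1 max_page_sharing=$max pages_shared=$shared pages_sharing=$sharing"
    return 1
}

# Usage on a host: ksm_audit; echo "exit=$?"
```

KSM only merges memory that a process has marked with madvise(MADV_MERGEABLE), so a nonzero pages_sharing value shows that deduplication is actually occurring between mappings on the host.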

Key dates

02 Disclosure timeline

January 30, 2024 CVE published
November 21, 2025 Record updated