Date: Fri, 27 Mar 2015 13:11:41 +0100 From: Hector Marco <hecmargi@....es> To: Assign a CVE Identifier <cve-assign@...re.org> CC: oss-security@...ts.openwall.com, Ismael Ripoll <iripoll@...ca.upv.es> Subject: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hi, A bug in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries (statically compiled). Grsecurity/PaX is also affected. The total entropy for the VVAR/VDSO, mmapped files and libraries of a processes are reduced by eight. The number of possible locations where the mapped areas can be placed are reduced by 87.5%. On 32-bit systems, for example, the entropy for libraries is reduced from 28 to 25, which means that libraries only have 32 different places where they can be loaded. Details at: http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html Link patch submission: https://lkml.org/lkml/2015/3/27/252 Could you please assign a CVE-ID for this? Hector Marco. http://hmarco.org Cyber-security researcher at http://cybersecurity.upv.es/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ