Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Oct 2018 13:41:26 +0200
From: Solar Designer <>
Cc: Dave Hansen <>
Subject: Linux kernel: "Meltdown leaks with Global kernel mapping"


I didn't look into this closely, but I think it needs to be brought in
here.  Back in August, Dave Hansen reported what may be ways to bypass
PTI protection in the Linux kernel in some cases.  Dave's fixes got into
Linux 4.18.5, but maybe not into any other releases nor into distros,
except for those that updated to 4.18.5 (apparently, some SUSE branch
and some Yocto branch?)

Start of a relevant thread:

The Subject says "close two Meltdown leaks with Global kernel mapping",
but it isn't immediately clear to me what "two" leaks there are.  Only
one appears to be clearly described:

The corresponding commit:

There are mentions of "r/w kernel text issue" and "unused hole" issue -
is this why "two"?  But "r/w kernel text" feels irrelevant to Meltdown.

I've attached the two LKML postings above for archival on oss-security
as well.


View attachment "lkml-close-two-meltdown-leaks.txt" of type "text/plain" (3099 bytes)

View attachment "lkml-remove-freed-kernel-image-areas.txt" of type "text/plain" (10579 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.