x86 KASLR base exposed due to lack of entry trampoline (EntryBleed, CVE-2022-4543) #361

Open
kees opened this issue May 16, 2024 · 0 comments
Labels
- [ARCH] x86_64: Needed on the 64-bit x86 architecture (ARCH=x86)
- [Defense] information exposure: Provide a defense for an information exposure


kees commented May 16, 2024

https://www.willsroot.io/2022/12/entrybleed.html

From v4.20 on, after KPTI was implemented, which had a fixed-location syscall entry trampoline, the trampoline was removed. This exposes the actual kernel mapping address via prefetch, etc. We need to restore this trampoline.
