|
Bugzilla – Full Text Bug Listing |
| Summary: | Linux ASLR weakness: Reducing entropy by 87.5% | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 13.1 | Reporter: | Forgotten User RpcDNNbTox <forgotten_RpcDNNbTox> |
| Component: | Kernel | Assignee: | E-mail List <kernel-maintainers> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Critical | ||
| Priority: | P5 - None | CC: | mhocko |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | x86-64 | ||
| OS: | openSUSE 13.1 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
This has been already reported as bug 937032 and pushed into oS 13.1 git tree as 528c8ae4a31b6f498c6ca7d5199635304617c1fe *** This bug has been marked as a duplicate of bug 937032 *** Hello Michal, thanks for the info - did find it as I looked, guess because I searched for OS 13.1 only. But little question any Idea when the kernel Update will come to the Update repos ? Thanks a lot. Alex (In reply to Alexander Lüdtke from comment #2) > Hello Michal, > > thanks for the info - did find it as I looked, guess because I searched for > OS 13.1 only. > > But little question any Idea when the kernel Update will > come to the Update repos ? I am sorry, but I do not know what is the schedule for maint. update releases. https://build.opensuse.org/project/show/Kernel:openSUSE-13.1 should contain the fix |
Hello Guys, to Quote the webpage: " A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in an attempt to avoid cache aliasing penalties for AMD Bulldozer (Family 15h) processors. Affected systems have reduced the mmapped files entropy by eight. After we found (and fixed) this weakness, we found a detailed white paper about this issue (Shared Level 1 instruction cache performance on AMD family 15h CPUs). Several workarounds were proposed, but none of them solved the problem in the way our proposal does. Our solution (see below) is not a workaround, but a solution that effectively avoids cache conflicts and does not jeopardizes ASLR entropy. The complexity, both in the number of lines of code and the timing overhead, of our proposed solution is negligible; that is, it does not have trade-offs AFAWK." " here you find the bug description and and Bugfix: http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html I know the bug is a littel older but I hoped that u will be able to include the patch to the OpenSuSE 13.1 Kernel :-) Thank you. greetings Alex