Vigil@nce - Linux kernel: weakness of ASLR on AMD Bulldozer
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit a weakness in the Linux kernel's ASLR on
AMD Bulldozer processors in order to guess a memory address more
easily.
Impacted products: Linux
Severity: 1/4
Creation date: 27/03/2015
DESCRIPTION OF THE VULNERABILITY
Systems use ASLR (Address Space Layout Randomization) to randomize
the memory addresses used by programs and libraries.
The arch_get_unmapped_area() function in
arch/x86/kernel/sys_x86_64.c contains an optimization for AMD
Bulldozer processors. However, its alignment handling truncates
the number of random bits actually used.
An attacker can therefore exploit this weakness in the Linux
kernel's ASLR on AMD Bulldozer processors in order to guess a
memory address more easily.
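The effect of an alignment step on randomization can be measured, as in the following added example (not taken from the bulletin or from the kernel source). It is a simplified model: the 28 random bits, the 0x7000 alignment mask and the xorshift64 generator are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define RND_BITS   28        /* assumption: random page-offset bits before alignment */
#define ALIGN_MASK 0x7000ULL /* assumption: alignment clears address bits 12..14 */
#define SAMPLES    4096

/* Constructed input: xorshift64 stands in for the kernel's random source. */
static uint64_t state = 0x9E3779B97F4A7C15ULL;
static uint64_t next_rand(void) {
    state ^= state << 13;
    state ^= state >> 7;
    state ^= state << 17;
    return state;
}

/* One simulated mapping base; 'aligned' applies the simplified alignment step. */
static uint64_t sample_base(int aligned) {
    uint64_t addr = (next_rand() & ((1ULL << RND_BITS) - 1)) << PAGE_SHIFT;
    return aligned ? (addr & ~ALIGN_MASK) : addr;
}

/* Mask of address bits that changed at least once across SAMPLES bases. */
uint64_t varying_bits(int aligned) {
    uint64_t first = sample_base(aligned), acc = 0;
    for (size_t i = 1; i < SAMPLES; i++)
        acc |= sample_base(aligned) ^ first;
    return acc;
}

/* Number of set bits: an upper bound on the entropy an observer sees. */
unsigned count_bits(uint64_t v) {
    unsigned n = 0;
    for (; v; v &= v - 1) n++;
    return n;
}

int main(void) {
    uint64_t plain = varying_bits(0), masked = varying_bits(1);
    printf("unaligned: %u varying bits (mask 0x%llx)\n",
           count_bits(plain), (unsigned long long)plain);
    printf("aligned:   %u varying bits (mask 0x%llx)\n",
           count_bits(masked), (unsigned long long)masked);
    return 0;
}
```

Under these assumptions the run reports 28 varying bits without alignment and 25 with it: every bit covered by the alignment mask is lost to randomization.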
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-weakness-of-ASLR-on-AMD-Bulldozer-16484