KSPP / linux

Linux kernel source tree (Kernel Self Protection Project)
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project

x86 KASLR base exposed due to lack of entry trampoline (EntryBleed, CVE-2022-4543) #361

Open kees opened 1 month ago

kees commented 1 month ago

https://www.willsroot.io/2022/12/entrybleed.html

From v4.20 on, after KPTI was implemented, which had a fixed-location syscall entry trampoline, the trampoline was removed. This exposes the actual kernel mapping address via prefetch, etc. We need to restore this trampoline.