oss-sec mailing list archives
Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch
From: Yves-Alexis Perez <corsac () debian org>
Date: Mon, 29 Jul 2024 09:02:33 +0200
On Mon, 2024-07-08 at 12:37 -0400, Will Dormann wrote:
> - Modern x86 systems with the CVE-2024-26621 patch will NOT randomize the load address of large libraries. (i.e. is still vulnerable to "ASLRn't" despite the patch)
So it turns out this was because the patch addressing CVE-2024-26621 (4ef9ad19e17676b9ef071309bc62020e2373705d) did so using CONFIG_32BIT which is (perhaps surprisingly) *not* defined on IA-32.

d9592025000b3cf26c742f3505da7b83aedc26d5 was recently merged to Linus' tree, switching to !IS_ENABLED(CONFIG_64BIT) which should work on all architectures. So ASLRn't *should* be fixed on IA-32 kernels with 6.11.

Regards,
--
Yves-Alexis
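The guard mismatch described in the message above can be checked against a kernel config file. This is an added example, not part of the original message or of the kernel tree; the function names and the three sample config fragments are constructed for illustration.

```shell
#!/bin/sh
# Evaluate the two Kconfig guards named in the message against a .config file:
#   old guard: CONFIG_32BIT is set
#   new guard: !IS_ENABLED(CONFIG_64BIT)

# is_enabled SYMBOL FILE: true if SYMBOL is =y or =m, mirroring IS_ENABLED().
is_enabled() {
    grep -Eq "^$1=[ym]\$" "$2"
}

# guard_report FILE: prints "old=<0|1> new=<0|1>" for the two guards.
guard_report() {
    old=0; new=1
    if is_enabled CONFIG_32BIT "$1"; then old=1; fi
    if is_enabled CONFIG_64BIT "$1"; then new=0; fi
    echo "old=$old new=$new"
}

# classify FILE: one-word verdict derived from guard_report.
classify() {
    case "$(guard_report "$1")" in
        "old=1 new=1") echo covered-by-both ;;
        "old=0 new=1") echo covered-only-by-new-guard ;;
        "old=0 new=0") echo neither-guard-true ;;
        *)             echo inconsistent-config ;;
    esac
}

# sample_config NAME: constructed config fragments, not copied from real systems.
sample_config() {
    case "$1" in
        ia32)    printf '%s\n' 'CONFIG_X86_32=y' '# CONFIG_64BIT is not set' ;;
        x86_64)  printf '%s\n' 'CONFIG_X86_64=y' 'CONFIG_64BIT=y' ;;
        other32) printf '%s\n' 'CONFIG_32BIT=y' '# CONFIG_64BIT is not set' ;;
    esac
}

# Demo over the constructed samples.
tmp=$(mktemp)
for arch in ia32 x86_64 other32; do
    sample_config "$arch" > "$tmp"
    echo "$arch: $(guard_report "$tmp") -> $(classify "$tmp")"
done
rm -f "$tmp"
```

To check a real system, pass its config file (for example `/boot/config-$(uname -r)` where the distribution ships one) to `classify`. The config only tells you which guard would evaluate true; whether the running kernel's source contains the follow-up commit has to be checked separately.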
