oss-sec mailing list archives
Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib
From: Hector Marco-Gisbert <hecmargi () upv es>
Date: Fri, 03 Jul 2015 14:15:46 +0200
Hello Mitre, We are still waiting a response about the following security issues: 1) Title : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Date : March 2015Advisory : http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html Patch : http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464
2) Title : Linux ASLR mmap weakness: Reducing entropy by half Date : March 2015 Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html 3) Title : Offset2lib: bypassing full ASLR on 64bit Linux Date : November 2014 Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.htmlPath : https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90
Note : We are not sure whether it is a CVE or CWE. Could you please assign a cve number or say something about them ? Thank you, Hector. -- Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain)
Current thread:
- Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib Hector Marco-Gisbert (Jul 03)