oss-sec mailing list archives

Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib

From: Hector Marco-Gisbert <hecmargi () upv es>
Date: Fri, 03 Jul 2015 14:15:46 +0200

Hello Mitre,

We are still waiting a response about the following security issues:

1)
   Title    : AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%.
   Date     : March 2015

Advisory :http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.htmlPatch :http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=4e26d11f52684dc8b1632a8cfe450cb5197a8464


2) Title    : Linux ASLR mmap weakness: Reducing entropy by half
   Date     : March 2015
   Advisory : http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html

3) Title    : Offset2lib: bypassing full ASLR on 64bit Linux
   Date     : November 2014
   Advisory : http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

Path :https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable/+/d1fd836dcf00d2028c700c7e44d2c23404062c90

   Note     : We are not sure whether it is a CVE or CWE.



Could you please assign a cve number or say something about them ?



Thank you,
Hector.


--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

Current thread:

Waiting Mitre response: AMD Bulldozer, Linux ASLR mmap and Offset2lib Hector Marco-Gisbert (Jul 03)