Posted by Hector Marco-Gisbert on Apr 21

A security issue in Linux ASLR implementation which affects some AMD processors
has been found. The issue affects to all Linux process even if they are not
using shared libraries (statically compiled).

The problem appears because some mmapped objects (VDSO, libraries, etc.) are
poorly randomized in an attempt to avoid cache aliasing penalties for AMD
Bulldozer (Family 15h) processors.

Affected systems have reduced the mmapped files entropy…