Bug 2276375 - Missing randomized slab caches for normal kmalloc: enable CONFIG_RANDOM_KMALLOC_CACHES=y
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 40
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2024-04-22 11:08 UTC by jvoisin
Modified: 2024-05-10 02:59 UTC (History)

Fixed In Version: kernel-6.8.9-200.fc39 kernel-6.8.9-100.fc38 kernel-6.8.9-300.fc40
Clone Of:
Environment:
Last Closed: 2024-05-10 01:05:17 UTC
Type: ---
Embargoed:

Description jvoisin 2024-04-22 11:08:24 UTC
1. Please describe the problem:

It's currently trivial to perform heap feng-shui on Fedora to exploit heap-related memory corruption like use-after-free or type confusion. Enabling CONFIG_RANDOM_KMALLOC_CACHES would arguably make it harder for an attacker to produce reliable exploits. It's a ~150 LoC, not-so-bad security mitigation with a performance impact at the noise level; I don't see why it shouldn't be enabled by default.

See the following links for detailed analysis:

- https://dustri.org/b/some-notes-on-randomized-slab-caches-for-kmalloc.html
- https://sam4k.com/exploring-linux-random-kmalloc-caches/
- https://lwn.net/Articles/938246/

2. What is the Version-Release number of the kernel:

N/A

3. Did it work previously in Fedora? If so, what kernel version did the issue
   *first* appear?  Old kernels are available for download at
   https://koji.fedoraproject.org/koji/packageinfo?packageID=8 :

No

4. Can you reproduce this issue? If so, please provide the steps to reproduce
   the issue below:

Yes, rebuild with `CONFIG_RANDOM_KMALLOC_CACHES=y` and notice that nothing breaks.

5. Does this problem occur with the latest Rawhide kernel? To install the
   Rawhide kernel, run ``sudo dnf install fedora-repos-rawhide`` followed by
   ``sudo dnf update --enablerepo=rawhide kernel``:

N/A

6. Are you running any modules that are not shipped directly with Fedora's kernel?:

N/A

7. Please attach the kernel logs. You can get the complete kernel log
   for a boot with ``journalctl --no-hostname -k > dmesg.txt``. If the
   issue occurred on a previous boot, use the journalctl ``-b`` flag.

N/A

Reproducible: Always
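
Added example, not part of the original report or of Fedora's tooling: a POSIX shell check that a kernel was built with `CONFIG_RANDOM_KMALLOC_CACHES=y` and that the randomized `kmalloc-rnd-NN-*` caches were actually created. The sample input is constructed, and the config path and `/sys/kernel/slab` location used for the live check are assumptions about the host.

```sh
#!/bin/sh
# Added example: check whether a kernel has CONFIG_RANDOM_KMALLOC_CACHES active.

# Read a kernel config on stdin; print enabled, disabled or absent.
config_state() {
    awk '
        /^CONFIG_RANDOM_KMALLOC_CACHES=y$/            { s = "enabled" }
        /^# CONFIG_RANDOM_KMALLOC_CACHES is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Read slab cache names (slabinfo lines or a directory listing) on stdin;
# print how many distinct kmalloc-rnd-NN copies are present.
rnd_copies() {
    awk '$1 ~ /^kmalloc-rnd-[0-9]+-/ { split($1, p, "-"); seen[p[3]] = 1 }
         END { n = 0; for (k in seen) n++; print n }'
}

# Combine both signals: the build option and the caches the kernel created.
verdict() {  # verdict STATE COPIES
    if [ "$1" = enabled ] && [ "$2" -gt 0 ]; then echo "active"
    elif [ "$1" = enabled ]; then echo "configured-but-no-caches"
    else echo "inactive"; fi
}

# Constructed sample input, shortened; not captured from a real system.
SAMPLE_CONFIG='CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_RANDOM_KMALLOC_CACHES=y'
SAMPLE_SLABS='kmalloc-rnd-01-64
kmalloc-rnd-01-128
kmalloc-rnd-02-64
kmalloc-64'

s=$(printf '%s\n' "$SAMPLE_CONFIG" | config_state)
c=$(printf '%s\n' "$SAMPLE_SLABS" | rnd_copies)
echo "sample: config=$s copies=$c -> $(verdict "$s" "$c")"

# Live check; these paths are the usual locations and are assumptions here.
cfg="/boot/config-$(uname -r)"
if [ -r "$cfg" ] && [ -d /sys/kernel/slab ]; then
    s=$(config_state < "$cfg")
    c=$(ls /sys/kernel/slab | rnd_copies)
    echo "live: config=$s copies=$c -> $(verdict "$s" "$c")"
fi
```

A `configured-but-no-caches` result usually means the config file inspected does not belong to the running kernel.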

Comment 1 Fedora Update System 2024-05-03 00:44:54 UTC
FEDORA-2024-e513c6594d (kernel-6.8.9-100.fc38) has been submitted as an update to Fedora 38.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-e513c6594d

Comment 2 Fedora Update System 2024-05-03 00:44:56 UTC
FEDORA-2024-c90afc5c01 (kernel-6.8.9-300.fc40) has been submitted as an update to Fedora 40.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-c90afc5c01

Comment 3 Fedora Update System 2024-05-03 00:44:58 UTC
FEDORA-2024-3697e3b459 (kernel-6.8.9-200.fc39) has been submitted as an update to Fedora 39.
https://bodhi.fedoraproject.org/updates/FEDORA-2024-3697e3b459

Comment 4 Fedora Update System 2024-05-04 02:14:15 UTC
FEDORA-2024-e513c6594d has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-e513c6594d`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-e513c6594d

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2024-05-04 03:17:42 UTC
FEDORA-2024-3697e3b459 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-3697e3b459`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-3697e3b459

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2024-05-04 03:37:55 UTC
FEDORA-2024-c90afc5c01 has been pushed to the Fedora 40 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-c90afc5c01`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-c90afc5c01

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2024-05-10 01:05:17 UTC
FEDORA-2024-3697e3b459 (kernel-6.8.9-200.fc39) has been pushed to the Fedora 39 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2024-05-10 01:34:31 UTC
FEDORA-2024-e513c6594d (kernel-6.8.9-100.fc38) has been pushed to the Fedora 38 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2024-05-10 02:59:15 UTC
FEDORA-2024-c90afc5c01 (kernel-6.8.9-300.fc40) has been pushed to the Fedora 40 stable repository.
If the problem still persists, please make note of it in this bug report.
