Reviving and Advancing Page Cache Attacks on Linux

> Hi everyone! I’m happy to share that my first first-author paper has been accepted to a conference recently about side-channel attacks on the Linux page cache.
>
> Side-channel attacks on the page cache (first shown in 2019 by my PhD advisor et al.) were thought to have been mitigated since 2019 or thought to be impractical for a long time. Work that I (+my co-authors) did over the past year showed that such attacks were very possible, but also way more severe than initially thought.
>
> It started out with me randomly encountering the cachestat [https://lwn.net/Articles/917096/] syscall, introduced in kernel 6.5 (2022) to query the state of OS pages in the page cache. After a bit of investigation, we found that it leaks whether pages are in the page cache, including of globally-readable files not owned by that user.
>
> I have a few examples of what attacks are possible on the linked blog post, but the tl;dr is you can detect whether binaries are run (like pkexec, which is the GUI that pops up for password prompts), infer which websites a different local-user visits on Firefox (via the libxul shared library), infer user and system behavior across docker containers, and a few more.
>
> We also found a few more interesting things, like the posix_fadvise syscall with the POSIX_FADV_DONTNEED can deterministically remove pages from cache. The other fine grained details are available in the paper: https://snee.la/pdf/pubs/eviction-notice.pdf, but a general write up is in the blog post.
>
> The cachestat vulnerability was assigned CVE-2025-21691 [https://lore.kernel.org/linux-cve-announce/2025021055-CVE-2025-21691-2bd2@gregkh/T/#u] and was fixed [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f537664e705b0bf8b7e329861f20128534f6a83] by Linus Torvalds himself (first time interacting with him!)
>
> Since I know Lemmy loves Linux (as much as I do, or even more), I thought I’d share it here :D. Feel free to ask any questions if you have any!
>
> There’s also a GitHub repository of our code which has been peer-reviewed to be reproducible here: https://github.com/isec-tugraz/Eviction-Notice

Author: ABasilPlant [https://lemmy.world/u/ABasilPlant]
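
A check a defender can run to see whether a host carries the fix for CVE-2025-21691, added here as an example (not code from the post, the paper or the Eviction-Notice repository). It relies on the upstream fix making cachestat() return EPERM unless the caller opened the file for writing, owns it, or could write to it; the helper names and the default path /usr/bin/env are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_cachestat
#define SYS_cachestat 451 /* x86-64 / asm-generic number; older headers lack it */
#endif
/* Local copies of the uapi structs so this builds without recent kernel headers. */
struct cs_range { uint64_t off, len; };
struct cs_stat { uint64_t nr_cache, nr_dirty, nr_writeback, nr_evicted, nr_recently_evicted; };

enum verdict { PATCHED, UNPATCHED, NO_SYSCALL, INCONCLUSIVE };
static const char *const verdict_name[] = {
    "patched (EPERM)", "UNPATCHED (call succeeded)", "no cachestat syscall", "inconclusive" };

/* Interpret cachestat() on a read-only fd of a file the caller neither owns nor can write. */
static enum verdict classify(long ret, int err)
{
    if (ret == 0) return UNPATCHED;          /* statistics were handed out */
    if (err == EPERM) return PATCHED;        /* permission check is present */
    if (err == ENOSYS) return NO_SYSCALL;    /* kernel has no cachestat at all */
    return INCONCLUSIVE;
}

static enum verdict probe(const char *path)
{
    struct stat st;
    struct cs_range range = { 0, 0 };        /* len 0 means "to end of file" */
    struct cs_stat out;                      /* filled by the kernel, deliberately ignored */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return INCONCLUSIVE;
    /* Root, the owner and writers pass the fixed check, so they prove nothing. */
    if (fstat(fd, &st) != 0 || geteuid() == 0 || st.st_uid == geteuid() || access(path, W_OK) == 0) {
        close(fd);
        return INCONCLUSIVE;
    }
    errno = 0;
    long ret = syscall(SYS_cachestat, fd, &range, &out, 0u);
    int err = errno;
    close(fd);
    return classify(ret, err);
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/usr/bin/env"; /* assumed root-owned file */
    printf("%s: %s\n", path, verdict_name[probe(path)]);
    return 0;
}
```

Run it as an unprivileged user against a root-owned, world-readable file. A seccomp profile that blocks cachestat can also produce EPERM, so confirm the result outside containers.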