150

[OC] Reviving and Advancing Page Cache Attacks on Linux (My first publication as a PhD student!) (snee.la)

submitted 3 days ago* (last edited 3 days ago) by ABasilPlant@lemmy.world to c/linux@lemmy.ml

10 comments fedilink hide all child comments

Hi everyone! I'm happy to share that my first first-author paper has been accepted to a conference recently about side-channel attacks on the Linux page cache.

Side-channel attacks on the page cache (first shown in 2019 by my PhD advisor et al.) were thought to have been mitigated since 2019 or thought to be impractical for a long time. Work that I (+my co-authors) did over the past year showed that such attacks were very possible, but also way more severe than initially thought.

It started out with me randomly encountering the cachestat syscall, introduced in kernel 6.5 (2022) to query the state of OS pages in the page cache. After a bit of investigation, we found that it leaks whether pages are in the page cache, including of globally-readable files not owned by that user.

I have a few examples of what attacks are possible on the linked blog post, but the tl;dr is you can detect whether binaries are run (like pkexec, which is the GUI that pops up for password prompts), infer which websites a different local-user visits on Firefox (via the libxul shared library), infer user and system behavior across docker containers, and a few more.

We also found a few more interesting stuff, like the posix_fadvise syscall with the POSIX_FADV_DONTNEED can deterministically remove pages from cache. The other fine grained details are available in the paper: https://snee.la/pdf/pubs/eviction-notice.pdf, but a general write up is in the blog post.

The cachestat vulnerability was assigned CVE-2025-21691 and was fixed by Linus Torvalds himself (first time interacting with him!)

Since I know Lemmy loves Linux (as much as I do, or even more), I thought I'd share it here :D. Feel free to ask any questions if you have any!

There's also a Github repository of our code which has been peer-reviewed to be reproducible here: https://github.com/isec-tugraz/Eviction-Notice

you are viewing a single comment's thread
view the rest of the comments

[-] DibbleDabble@lemmy.ml 2 points 2 days ago

That colourblind palette is golden, thank you for sharing it. And I was just talking about me wanting have a crack at creating that arrow myself, but thank you for offering to share. I'll be sure to reach out if I find myself being unable to replicate it.

I wasn't even talking about tikzplotlib. It's just that pgf backend is now supported by matplotlib and you can produce pgf files with:

import matplotlib.pyplot as plt
import matplotlib

matplotlib.use('pgf')

fig, ax = plt.subplots()
# Code related to plotting here

fig.savefig("outputfile.pgf")

with relevant rcParams options in matplotlibrc, then import the pgf with:

\begin{figure}[h]
    \centering
      \resizebox{\linewidth}{!}{
        \input{outputfile.pgf}
      }
    \caption{Caption here.}
\end{figure}

But Python -> CSV -> LaTeX/pgf pipeline is quite smooth, for sure. I understand why you'd decide to opt for it without involving too many third-party dependencies.

[-] ABasilPlant@lemmy.world 1 points 2 days ago

I’ll be sure to reach out if I find myself being unable to replicate it.

No worries, and good luck! My email can be found on my website if you want it :D

I wasn’t even talking about tikzplotlib. It’s just that pgf backend is now supported by matplotlib and you can produce pgf files with.

Ah... I've think I've heard of it, but I never really registered that. Thanks for the info :D

[-] DibbleDabble@lemmy.ml 1 points 2 days ago

I'd be glad to stay in contact about this. Feel free to let me know of your website/preferred email whenever convenient.

[-] ABasilPlant@lemmy.world 2 points 2 days ago

My website's the one linked in this post: https://snee.la/

My email is at the contact page: https://snee.la/contact/

sneela [at] tugraz [dot] at

this post was submitted on 16 Jan 2026

150 points (100.0% liked)

Linux

57274 readers

1257 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz