ASLRn’t: How memory alignment broke library ASLR

We discussed this vulnerability during Episode 238 on 29 January 2024

A very interesting bug that impacts most common Linux-based distros (Ubuntu, Arch, Fedora) running Linux >= v5.18. It severely weakens Address Space Layout Randomization (ASLR) for shared libraries in 64-bit processes and completely negates it for 32-bit ones. The root cause is fairly simple: as of 5.18, the common filesystem drivers (ext4, ext2, btrfs, xfs, fuse) route file-backed mmap() requests through thp_get_unmapped_area(), which aligns sufficiently large file mappings to a transparent-huge-page boundary instead of a regular page boundary. Instead of 4KB pages (0x1000 alignment), the mapping is placed on a 2MB boundary (0x200000 alignment). Since 0x200000 / 0x1000 = 512 = 2^9, the low nine randomizable bits of the base address are forced to zero, removing 9 bits of entropy from the base of any large file-backed mapping such as libc.so. Only mappings big enough to span a full 2MB-aligned region get this treatment, which is why a large library like libc is hit while small ones are not.

On 64-bit, this loss of 9 bits takes the mmap base entropy for a library like libc from the usual 28 bits down to 19. On 32-bit, where mmap has only 8 bits of entropy to begin with, it drops to zero: the library lands at the same address on every run.
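As an added check, not code from the original post or from the kernel, here is a small C program that shows both halves of the argument: it computes how many entropy bits survive when a mapping randomized with N page-granular bits is forced onto a 2^align boundary, and it parses /proc/self/maps to report the actual alignment of the libc mapping in the running process (21 trailing zero bits means 2MB alignment, 12 means the mapping is only page-aligned). It assumes x86 page sizes (PAGE_SHIFT 12, HPAGE_SHIFT 21), the 28-bit and 8-bit mmap entropy figures from the text, and a library file name containing "libc.so"; the two maps snippets embedded in the code are constructed samples, not captured from a real system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define PAGE_SHIFT  12   /* regular 4KB page: 0x1000 alignment (assumed x86) */
#define HPAGE_SHIFT 21   /* 2MB transparent huge page: 0x200000 alignment (assumed x86) */

/* Constructed /proc/self/maps fragments (not real captures): one with a libc base
 * forced onto a 2MB boundary, one with an ordinary page-aligned base. */
static const char SAMPLE_MAPS_ALIGNED[] =
    "7f3a8e1ff000-7f3a8e200000 rw-p 00000000 00:00 0\n"
    "7f3a8e200000-7f3a8e228000 r--p 00000000 fd:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a8e228000-7f3a8e3bd000 r-xp 00028000 fd:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n";
static const char SAMPLE_MAPS_UNALIGNED[] =
    "7f3a8e3c5000-7f3a8e3ed000 r--p 00000000 fd:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a8e3ed000-7f3a8e582000 r-xp 00028000 fd:01 1234 /usr/lib/x86_64-linux-gnu/libc.so.6\n";

/* log2 of the alignment of a mapping base, i.e. the number of trailing zero bits. */
int alignment_bits(uintptr_t base)
{
    if (base == 0)
        return (int)(sizeof(uintptr_t) * 8);
    int n = 0;
    while ((base & 1) == 0) {
        base >>= 1;
        n++;
    }
    return n;
}

/* Entropy left for a mapping base when mmap randomizes base_bits page-granular bits
 * (28 on x86-64, 8 on 32-bit) but the placement is then rounded to 2^align_shift. */
int remaining_entropy_bits(int base_bits, int align_shift)
{
    int lost = align_shift - PAGE_SHIFT;   /* 21 - 12 = 9 bits for 2MB alignment */
    if (lost < 0)
        lost = 0;
    return base_bits > lost ? base_bits - lost : 0;
}

/* Start address of the first maps line whose path contains needle, or 0 if absent. */
uintptr_t find_mapping_base(const char *maps, const char *needle)
{
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        if (strstr(line, needle))
            return (uintptr_t)strtoull(line, NULL, 16);  /* parses up to the '-' */
        if (!nl)
            break;
        p = nl + 1;
    }
    return 0;
}

/* 1 if the mapping base sits on a 2MB boundary (the ASLRn't symptom), else 0. */
int is_huge_page_aligned(uintptr_t base)
{
    return base != 0 && alignment_bits(base) >= HPAGE_SHIFT;
}

int main(void)
{
    printf("x86-64 libc entropy with 2MB alignment: %d bits (was 28)\n",
           remaining_entropy_bits(28, HPAGE_SHIFT));
    printf("x86-32 libc entropy with 2MB alignment: %d bits (was 8)\n",
           remaining_entropy_bits(8, HPAGE_SHIFT));

    /* Live check: read this process's own maps and inspect the libc base. */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) {
        perror("fopen /proc/self/maps");
        return 1;
    }
    static char buf[1 << 16];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);

    uintptr_t base = find_mapping_base(buf, "libc.so");
    if (!base) {
        puts("libc mapping not found in /proc/self/maps");
        return 1;
    }
    printf("libc base %#lx is 2^%d aligned: %s\n", (unsigned long)base,
           alignment_bits(base),
           is_huge_page_aligned(base) ? "2MB aligned, ASLR entropy reduced"
                                      : "page aligned only");
    return 0;
}
```

Run it a few times on an affected kernel and the libc base will always end in 0x00000 (hex digits) with at least 21 trailing zero bits; on an unaffected kernel the base moves at 4KB granularity and only the low 12 bits are fixed. The parser deliberately takes the first line mentioning the library, since that is the segment whose base ASLR randomizes and the one an attacker needs to leak.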