TU Graz researchers have revived Linux page cache attacks and demonstrated they are far more practical and dramatically faster than prior work, affecting kernel versions from 2003 to the present. The techniques enable precise password-prompt detection, synchronized phishing overlays, inter-keystroke timing, cross-container spying in Docker, and site-identification via Firefox resources, and only CVE-2025-21691 has been mitigated so far; #TUGraz #LinuxPageCache #Docker #Discord #Firefox #CVE-2025-21691
Keypoints
- Researchers from TU Graz demonstrated that Linux page cache attacks are practical and significantly faster than earlier demonstrations.
- Flushing a page now takes around 0.8 microseconds and a full attack loop completes in 0.6–2.3 microseconds, far faster than prior results.
- Attackers can detect password prompts and time actions to deploy synchronized phishing overlays or keyloggers.
- Inter-keystroke timing attacks can reveal sensitive input, and a containerized attacker can observe file access in other Docker containers.
- Only CVE-2025-21691 has been fixed so far, and the researchers say the remaining techniques still work against current kernel versions.
Read More: https://www.securityweek.com/old-attack-new-speed-researchers-optimize-page-cache-exploits/