From d6eeb05bf994a3cdb897e5bb6665c570d4eae5b6 Mon Sep 17 00:00:00 2001 From: Idan Horowitz Date: Tue, 22 Mar 2022 20:15:29 +0200 Subject: [PATCH] Base: Add KASLR to Mitigations(7) --- Base/usr/share/man/man7/Mitigations.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index a738d4a691..6b8521f35e 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md @@ -326,6 +326,22 @@ Date: Tue Aug 31 16:08:11 2021 +0200 Build: Pass "-z separate-code" to linker ``` +### KASLR (Kernel Address Space Layout Randomization) + +The location of the kernel code is randomized at boot time, this ensures that attackers +can not use a hardcoded kernel addresses when attempting ROP, instead they must first find +an additional information leak to expose the KASLR offset. + +It was first enabled in the following [commit](https://github.com/SerenityOS/serenity/commit/ece5a9a1088012ca9fadfb7e0bc3edd8029d36ad): + +``` +commit ece5a9a1088012ca9fadfb7e0bc3edd8029d36ad +Author Idan Horowitz +Date: Mon Mar 21 22:59:48 2022 +0200 + +Kernel: Add an extremely primitive version of KASLR +``` + ## See also * [`unveil`(2)](help://man/2/unveil)
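Review bot: The first paragraph of the new KASLR section states a guarantee ("this ensures that attackers can not use a hardcoded kernel addresses") while the commit it cites is titled "Kernel: Add an extremely primitive version of KASLR". Consider stating what is randomized and what the current limits are, so readers do not take the mitigation to be stronger than the implementation. The same sentence is a comma splice and mixes singular and plural. Suggested wording: "The location of the kernel code is randomized at boot time. This means attackers cannot use hardcoded kernel addresses when attempting ROP; they must first find an additional information leak to expose the KASLR offset." In the quoted commit block, "Author Idan Horowitz" lacks the colon that the "Date:" line below it has.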