Enable vdso32=0

README.md

@@ -151,7 +151,7 @@ configuration file.
   safety error detector which can identify heap out-of-bounds access, use-after-free,
   and invalid-free errors.
 
-- Provide the option to disable 32 bit vDSO mappings.
+- Disable 32-bit vDSO mappings as they are a legacy compatibility feature.
 
 - Provide the option to use kCFI as the default CFI implementation since it may be
   slightly more resilient to attacks that are able to write arbitrary executables

etc/default/grub.d/40_kernel_hardening.cfg

@@ -136,13 +136,13 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX debugfs=off"
 ##
 #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX kfence.sample_interval=100"
 
-## Disable x86 Virtual Dynamic Shared Object (vDSO) mappings.
+## Disable 32-bit Virtual Dynamic Shared Object (vDSO) mappings.
+## Legacy compatibility feature for superseded glibc versions.
 ##
-## https://en.wikipedia.org/wiki/VDSO
+## https://lore.kernel.org/lkml/20080409082927.BD59E26F992@magilla.localdomain/T/
+## https://lists.openwall.net/linux-kernel/2014/03/11/3
 ##
-## The use of 32 bit vDSO mappings is currently enabled.
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
-##
-#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX vdso32=0"
 
 ## Switch (back) to using kCFI as the default Control Flow Integrity (CFI) implementation.
 ## The default implementation is FIneIBT as of Linux kernel 6.2.