Linux Security News Archives


235 Linux Security open-source and Linux related news articles on Phoronix since 2006.

Linux x86 32-bit Is Vulnerable To Retbleed But Don't Expect It To Get Fixed

While relevant Intel and AMD processors have been mitigated for the recent Retbleed security vulnerability affecting older generations of processors, those mitigations currently just work for x86_64 kernels and will not work if running an x86 (32-bit) kernel on affected hardware. But it's unlikely to get fixed unless some passionate individual steps up as the upstream developers and vendors have long since moved on to just caring about x86_64.

24 July 2022 - Linux x86 + Retbleed - 24 Comments
Linux Lands Fix For A Trivial Lockdown Bypass Bug

Merged this afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode.

20 July 2022 - CVE-2022-21505 - 7 Comments
Linux To Drop "nordrand" Option - Users Should Instead Switch To "random.trust_cpu"

The Linux kernel has long honored the "nordrand" kernel parameter to disable kernel use of the Intel RDRAND and RDSEED instructions if not trusting them -- either out of security concerns that they could be compromised by the vendor or running into hardware/firmware issues around RdRand usage. But the Linux kernel is preparing to drop that kernel parameter with users encouraged to use the more generic "random.trust_cpu" parameter.

10 July 2022 - RdRand Bull Mountain - 6 Comments
Experimental "FineIBT" Series Published For Linux - Building Atop Intel CET/IBT

Merged as part of Linux 5.18 is Intel's Indirect Branch Tracking (IBT) support as part of CET (Control Flow Enforcement) technology. Indirect Branch Tracking is intended to help protect against JUMP/CALL oriented attacks as part of CET's control-flow integrity protections. Meanwhile still being worked on is "FineIBT" as a more compiler-hardened version built atop Intel CET/IBT.

20 April 2022 - FineIBT - 2 Comments
Linux To Try To Opportunistically Initialize /dev/urandom

Linux 5.18 is bringing many random/RNG improvements thanks to the work of kernel developer Jason Donenfeld. One of the changes though that had to be backed out during the merge window was trying to get /dev/random and /dev/urandom to behave exactly the same. While reverted for now with the 5.18 code, Donenfeld has prepared a change that should get it into good shape for major architectures with the next kernel cycle.

7 April 2022 - Linux RNG - 9 Comments
x86 Straight Line Speculation CPU Mitigation Appears For Linux 5.17

The Linux 5.17 kernel is introducing support for the x86 straight-line speculation "SLS" mitigation with it becoming increasingly clear modern x86_64 CPUs are susceptible to speculatively executing linearly in memory past an unconditional change in control flow.

12 January 2022 - Straight Line Speculation - 4 Comments
FGKASLR Is An Exciting Linux Kernel Improvement To Look Forward To In 2022

It's been nearly two years in the making since Intel posted FGKASLR patches for improving Linux kernel security. While that work on Finer Grained / Function Granular KASLR stalled for a year, in recent months work on it was revived and in 2022 it looks like this security feature is on a path for mainlining.

26 December 2021 - Function Granular KASLR - 3 Comments
FGKASLR Appears Closer To Mainline For Improving Linux Security

Kernel Address Space Layout Randomization has been common on Linux for a decade and a half now, while more recently there has been Function-Granular (sometimes referred to as Finer-Grained) KASLR for further upping the security benefits by making it much harder to predict kernel address positions for attacks.

3 December 2021 - Function Granular KASLR - 1 Comment
Google Proposes "Page Table Check" For Fighting Some Types Of Linux Memory Corruption

Last week Google engineers uncovered a reference count underflow issue affecting all Linux kernels going back to v4.14 in 2017. This issue led to memory leaking from one process to another and was only uncovered by accident. To address this class of memory corruption issues moving forward, Google is proposing a new "Page Table Check" feature.

17 November 2021 - Page Table Check - 9 Comments
GCC & LLVM Patches Pending To Fend Off Trojan Source Attacks

Making the rounds today are the "Trojan Source" attacks by which text displayed to the end-user/developer doesn't match what is actually being executed. The problem stems from Unicode standards and could lead to malicious code being inadvertently introduced into upstream code-bases that could be overlooked during code review processes, etc. GCC and LLVM/Clang are among the early compilers preparing defenses against Trojan Source style attacks.

1 November 2021 - CVE-2021-42574 - 4 Comments
Linux + GCC/Clang Patches Coming For Straight-Line Speculation Mitigation On x86/x86_64

Disclosed last year by Arm was a straight-line speculation vulnerability affecting their processors. In this case the processor could speculatively execute instructions linearly in memory past an unconditional change in control flow. There has been talk about possible straight-line speculation on x86/x86_64 but without any action, while now GCC and LLVM/Clang compiler developers along with Linux kernel developers are preparing such mitigation support.

28 October 2021 - Straight-Line Speculation - 2 Comments
OpenSSL 3.0 Officially Released

After many development snapshots and three years' worth of work, OpenSSL 3.0 is now available as a major update to this widely-used SSL library.

7 September 2021 - OpenSSL 3.0 - 32 Comments
Finer Grained KASLR Patches Revived For The Linux Kernel To Enhance Security

For more than a year there has been work on FGKASLR for finer grained kernel address space layout randomization. While KASLR is widely-used these days, with enough guessing or unintentional kernel leakage, the base address of the kernel can be figured out. Finer grained KASLR allows for randomization at the per-function level to dramatically boost defenses. The latest take on FG-KASLR has now been published.

7 September 2021 - FGKASLR - 4 Comments
Opt-In L1 Cache Flushing To Try For Linux 5.15 To Help With The Paranoid, Future CPU Vulnerabilities

Worked on for more than one year are the patches out of Amazon for allowing opt-in L1 data cache flushing on context switching. This L1d flushing is done in the name of greater security given the various CPU speculative execution hardware vulnerabilities these days and protecting against other possible future vulnerabilities. After trying to get the code merged last summer, Linus Torvalds called it "beyond stupid" and reverted the code, but now for Linux 5.15 a revised form of it was submitted.

30 August 2021 - L1 Data Cache Flushing - 17 Comments
Huawei Proposes In-Kernel Transactional Database For Security Purposes

While some Huawei engineers are currently facing criticism for submitting superfluous kernel patches in an effort to boost their own or the company's standing in the kernel community, other engineers at Huawei are working on more substantive kernel patches. Here's a rather peculiar new patch series out on Friday where a Huawei engineer is effectively proposing an in-kernel transactional database.

26 June 2021 - Digest Lists - 11 Comments
Google Proposes An Open-Source Vulnerability Interchange Schema

As part of Google's latest work on trying to enhance open-source software security, months after starting their own open-source vulnerability database, they are now looking to push an open-source vulnerability interchange schema to make it easier to exchange information on vulnerabilities and to ease automated analysis.

24 June 2021 - Vulnerability Schema - 5 Comments
