Linux Security News Archives
OpenSSL 3.0 Officially Released

After many development snapshots and three years worth of work, OpenSSL 3.0 is now available as a major update to this widely-used SSL library.

7 September 2021 - OpenSSL 3.0 - 32 Comments
Finer Grained KASLR Patches Revived For The Linux Kernel To Enhance Security

For more than a year there has been work on FGKASLR for finer grained kernel address space layout randomization. While KASLR is widely-used these days, with enough guessing or unintentional kernel leakage, the base address of the kernel can be figured out. Finer grained KASLR allows for randomization at the per-functional level to dramatically boost defenses. The latest take on FG-KASLR has now been published.

7 September 2021 - FGKASLR - 4 Comments
Opt-In L1 Cache Flushing To Try For Linux 5.15 To Help With The Paranoid, Future CPU Vulnerabilities

Worked on for more than one year is the patches out of Amazon for allowing opt-in L1 data cache flushing on context switching. This L1d flushing is done in the name of greater security given the various CPU speculative execution hardware vulnerabilities these days and protecting against other possible future vulnerabilities. After trying to get the code merged last summer, Linus Torvalds called it "beyond stupid" and reverted the code but now for Linux 5.15 a revised form of it was submitted.

30 August 2021 - L1 Data Cache Flushing - 17 Comments
Huawei Proposes In-Kernel Transactional Database For Security Purposes

While some Huawei engineers are currently facing criticism for submitting superfluous kernel patches in an effort to boost their own or the company's standing in the kernel community, other engineers at Huawei are working on more substantive kernel patches. Here's a rather peculiar new patch series out on Friday where a Huawei engineer is effectively proposing an in-kernel transactional database.

26 June 2021 - Digest Lists - 11 Comments
Google Proposes An Open-Source Vulnerability Interchange Schema

As part of Google's latest work on trying to enhance open-source software security, months after starting their own open-source vulnerability database they are now looking to push an open-source vulnerability interchange schema to make it easier to exchange information on vulnerabilities and making it easier for automated analysis.

24 June 2021 - Vulnerability Schema - 5 Comments
New Spectre Variants Discovered By Exploiting Micro-op Caches

University of Virginia and University of California San Diego researchers have discovered multiple new variants of Spectre attacks that are not protected by existing Spectre mitigations and could yield both Intel and AMD CPUs leaking data via micro-op caches.

1 May 2021 - Micro-Op Cache Exploits - 40 Comments
Secret Memory Areas For Linux Might Finally Be Ready With memfd_secret

In development for more than one year has been the ability to create secret memory areas on Linux that would be visible only to the owning process and is not mapped for other processes or the kernel page tables. That "memfd_secret" system call has finally materialized in Linux-Next and looking like it could be ready for mainline.

13 April 2021 - memfd_secret - 15 Comments
Linux Core Scheduling Nears The Finish Line To Avoid Flipping Off HT

Besides Linux kernel developers still working to optimize code due to Retpolines overhead three years after Spectre rocked the ecosystem, another area kernel developers have still been actively working on is core scheduling for controlling the behavior of what software can share CPU resources or run on the sibling thread of a CPU core. That core scheduling work is finally closer to the mainline Linux kernel.

25 March 2021 - Core Scheduling - 23 Comments

203 Linux Security news articles published on Phoronix.