Linux Security News Archives
Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

6 August 2020 - Reviving Foreshadow - 42 Comments
FGKASLR Revved For Improving Linux Kernel Security

Intel open-source developer Kristen Carlson Accardi continues work on Function Granular Kernel Address Space Layout Randomization (FGKASLR), a big improvement over traditional KASLR.

23 July 2020 - Function Granular KASLR - 10 Comments
Another Attack Vector Uncovered For Bypassing Linux Lockdown Via ACPI Tables

This weekend we reported on how injecting ACPI tables could lead to bypassing Linux's lockdown / UEFI Secure Boot protections and let attackers load unsigned kernel modules. That earlier issue was found on a patched version of the Ubuntu 18.04 LTS kernel, while a similar attack vector has now been discovered on the mainline Linux kernel.

15 June 2020 - Linux Lockdown Bypass - 10 Comments
SELinux Seeing Performance Improvements With Linux 5.7

A few months back, when we last looked at the performance impact of having SELinux enabled, there was a hit, but it was not too bad for most workloads. We'll need to take another look soon, as the Linux 5.7 kernel brings some performance improvements and more for SELinux.

2 April 2020 - Linux 5.7 SELinux - 5 Comments
Linux 5.6 Crypto Code Brings The New AMD TEE Driver

Herbert Xu sent in all of the crypto subsystem changes on Tuesday for the in-development Linux 5.6 kernel. What interests us most in this crypto work is the AMD Trusted Execution Environment (TEE) driver.

28 January 2020 - Trusted Execution - 5 Comments
Google's Kernel Runtime Security Instrumentation (KRSI) Is Something To Look Forward To In 2020

Back in September, Google sent out an initial "request for comments" on some kernel work they are doing with Kernel Runtime Security Instrumentation (KRSI) for providing eBPF-powered security helpers, ultimately for creating dynamic MAC and audit policies. Just before Christmas, the first official version of this new eBPF-based instrumentation was sent out, and it is being prepared for deployment within Google.

31 December 2019 - Linux KRSI - 17 Comments
Kernel Address Space Isolation Is Still Being Explored For Better Security

IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities. However, this does increase the complexity of the kernel code, and the performance hit is still to be evaluated.

2 November 2019 - Address Space Isolation - 1 Comment
Landlock Revved An 11th Time For Unprivileged Yet Powerful Security Sandboxes

We first wrote about the Landlock Linux security module in 2016 with its aspirations for offering powerful security sandboxing abilities. Landlock has seen revisions every few months and this week marks the 11th time the patches have been volleyed for this interesting sandboxing Linux Security Module (LSM).

30 October 2019 - Landlock LSM - 1 Comment

155 Linux Security news articles published on Phoronix.