While relevant Intel and AMD processors have been mitigated for the recent Retbleed security vulnerability affecting older generations of processors, those mitigations currently just work for x86_64 kernels and will not work if running an x86 (32-bit) kernel on affected hardware. But it's unlikely to get fixed unless some passionate individual steps up as the upstream developers and vendors have long since moved on to just caring about x86_64.
Merged yesterday afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode.
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing.
Linux kernel developers have addressed the Retbleed speculative execution bug in older Intel and AMD silicon, but the fix wasn't straightforward, so emperor penguin Linus Torvalds has delayed delivery of the next version by a week.
A seemingly major vulnerability has been discovered by security researcher and Northwestern PhD student Zhenpeng Lin, affecting the kernel on the Pixel 6 and 6 Pro and other Android devices running Linux kernel versions based on 5.10 like the Galaxy S22 series. Precise details for how the vulnerability works have not yet been published, but the researcher claims that it can enable arbitrary read and write, privilege escalation, and disable SELinux security protections — in short, this is a biggie.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.
Microsoft has fixed a container escape bug dubbed FabricScape in the Service Fabric (SF) application hosting platform that let threat actors escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster.
A high-severity Linux vulnerability capable of granting abusers root access to target endpoints is being exploited in the wild, researchers have warned.
Today, Canonical published new Linux kernel security updates for all supported Ubuntu releases and it looks like it’s a massive update that addresses more than 30 security vulnerabilities.
Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs.
Security researcher Jason Donenfeld who is known for leading the development of the WireGuard open-source software has outlined a new security vulnerability affecting the Oracle VM VirtualBox software.
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.
The Debian Project has published a massive Linux kernel security update for its Debian GNU/Linux 11 “Bullseye” operating system series to address 19 security vulnerabilities discovered by various security researchers in the upstream Linux 5.10 LTS kernel, which may lead to a privilege escalation, denial of service or information leaks.
If you're running a Linux distro on your computer or use an Android smartphone, you should install the latest updates immediately as a severe security vulnerability has been found and patched in the Linux kernel.
Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps.
