Network Security
system security Linux network
system security Linux network The romanticized image of the digital nomad – a laptop on a sun-drenched balcony – rarely accounts for the actual friction of maintaining a professional development environment on the move. . The friction is amplified with Linux. We are looking for a setup that respects our kernel configurations, handles volatile network handovers, and maintains a strict security posture without the hand-holding of a consumer-grade OS – so, put simply, more than just a laptop and a sunny deck. The hardware is...
May 26, 2026
Server Securityopen-source Linux administration
open-source Linux administration Cron has existed in Unix and Linux environments for decades, handling backups, cleanup scripts, patching jobs, log rotation, monitoring tasks, and other maintenance work that administrators do not want to run manually. Most Linux servers rely on it constantly, which is exactly why attackers continue abusing it for persistence after a system has already been compromised. . Persistence through cron is not complicated. Attackers do not need a rootkit or advanced malware framework to maintain...
May 25, 2026
Vendors/Productssecurity breach linux
security breach linux A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security. Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for years, and in many environments, they still matter. But recent supply-chain incidents involving GitHub ecosystems, npm packages, and malicious developer tooling point somewhere else entirely: the developer workstation. . The breach matters because...
May 21, 2026
Security Trends access control multi-tenant
access control multi-tenant Linux administrators often face an ugly choice in the cloud: prioritize convenience and cost-efficiency by sharing infrastructure, or sacrifice those benefits for the sake of total isolation. Most modern Linux workloads don't live on their own private servers anymore. They live in shared environments like Kubernetes clusters, where multiple teams and services run side-by-side. It sounds efficient, and it usually is. . But cloud isolation isn't as ironclad as it looks on the diagram. If you...
May 21, 2026
Vendors/Productsincident response cloud security
incident response cloud security Managed Extended Detection and Response (MXDR) has become one of the most sought-after security services in the enterprise market — and with good reason. It promises the holy grail: broad visibility across endpoints, network, cloud, email, and identity, combined with the 24/7 human expertise most organizations simply cannot build in-house. . However, the rapid growth of the market has produced a wide range of providers whose capabilities vary considerably beneath the surface. Choosing the...
May 19, 2026
Refine news
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security news
We found 18 articles for you...
79
security advisorybuffer overflowkernel patchTails 6.14.2: Critical: Kernel 6.1.133 & Perl Buffer Overflow Fix
Tails, the secure operating system designed to protect your privacy and anonymity, has just rolled out an urgent update with version 6.14.2. This release is aimed squarely at fixing critical security vulnerabilities in both the Linux kernel and the Perl programming language . The updated kernel, now at 6.1.133, patches multiple flaws that could lead to severe security breaches, such as privilege escalation and information leakage. Meanwhile, the Perl update addresses a heap-based buffer overflow that could expose your systems to denial-of-service attacks or even the execution of arbitrary code. For those already using Tails 6.0 or later, the good news is that the upgrade process is smooth and can be done automatically, ensuring you don't miss out on these vital security enhancements. If automatic updates aren't feasible, a manual upgrade is highly recommended to keep your system secure. New installations can be carried out easily with instructions for various operating systems, but remember that reinstalling Tails without upgrading will erase any Persistent Storage data. This release is not just a patch, but a critical step forward in fortifying your system's defenses and maintaining robust privacy standards. Let's examine the fixes and improvements introduced in Tails 6.14.2 and how you can upgrade to take advantage of these changes. Understanding Why This Update Matters Tails 6.14.2 isn't just another routine update; it is a crucial release aimed at patching severe vulnerabilities in the Linux kernel and the Perl programming language. Linux kernel security is paramount, as it is the foundation of the system. When vulnerabilities arise, they can jeopardize every application and process running on the system, leaving it vulnerable to attackers. The update to the Linux kernel in Tails 6.14.2 raises the version to 6.1.133. This new version addresses multiple security issues that, if left unpatched, could lead to privilege escalation or information leaks. These vulnerabilitiescould allow a malicious actor to gain higher-level access than intended, potentially compromising user data and system integrity. For a platform focused on privacy and security, such vulnerabilities are unacceptable. Simultaneously, the update includes a crucial fix for the Perl programming language , addressing a heap-based buffer overflow in version 5.36.0-7+deb12u2. This vulnerability can lead to a denial of service attack or, in worst-case scenarios, arbitrary code execution. Since Perl is extensively used within Tails for various scripting and automation tasks, ensuring its security is vital for your system's overall safety. Streamlined Upgrades for Continued Protection One of the standout features of Tails 6.14.2 is its support for automatic upgrades from Tails 6.0 or later. This seamless upgrading process is designed to be user-friendly, enabling administrators to apply critical patches quickly without significant downtime or complexity. The automatic upgrade feature ensures that even if users are not constantly monitoring for updates, their systems remain protected with the latest security patches. However, there are situations where an automatic upgrade might not be feasible. In such cases, Tails provides detailed instructions for performing a manual upgrade, ensuring that no user experiences technical difficulties. This flexibility is crucial for maintaining system integrity, regardless of the user's circumstances. New Installations and Persistent Storage Administrators can set up Tails on new devices straightforwardly. The Tails team provides comprehensive installation guides for various operating systems, including Windows, macOS, and Linux distributions like Debian or Ubuntu. These guides ensure that even users unfamiliar with Tails's intricacies can get up and running quickly. However, a critical aspect to consider is the handling of Persistent Storage. Tails's Persistent Storage is a valuable feature that allows users to retain files and configurations across reboots, arare flexibility for a system that prioritizes security and anonymity. It's important to note that reinstalling Tails instead of upgrading will erase this Persistent Storage data. Administrators must follow the upgrade path correctly to retain the information they store and the settings they use. Improving Security Through Timely Upgrades Prompt application of security updates is one of the most effective strategies for maintaining a secure operating environment. By releasing Tails 6.14.2, the team has demonstrated its commitment to safeguarding users against emerging threats. Regularly updating systems to the latest version ensures administrators can leverage the most recent security enhancements, reducing the risk of exploitation. Moreover, timely upgrades are not solely about patching known vulnerabilities; they also ensure that minor enhancements and performance improvements in the updates contribute to a smoother, faster user experience. These incremental upgrades play a critical role in maintaining robustness for an operating system designed to operate in a volatile security landscape. Practical Guide to Upgrading Tails Upgrading to Tails 6.14.2 is straightforward, especially for those already using Tails 6.0 or later. Here’s a concise guide to getting your system updated swiftly: Check for Updates: Open Tails and check for updates through the system's built-in mechanism. If an update notification appears, follow the prompts to begin the upgrade process. Automatic Upgrade: If your system supports automatic upgrades, the process will unfold smoothly with minimal user intervention. The system will download the necessary files and perform the upgrade. Manual Upgrade: In cases where an automatic upgrade isn’t feasible, Tails offers a thorough guide on manual upgrades. This typically involves downloading the latest Tails installer, verifying the download via GnuPG if on a supported OS, and following the step-by-step instructions to complete the upgrade. Verify Persistent Storage: Follow the upgrade path meticulously to keep your persistent storage data intact. Reinstallation, as opposed to upgrading, will wipe this data. Test the System: After upgrading, ensure all critical components and applications function correctly. This is crucial for maintaining operational continuity and ensuring the update hasn’t inadvertently disrupted key functionalities. Our Final Thoughts: A Comprehensive Upgrade for Robust Security Tails 6.14.2 represents more than a routine update; it's a vital enhancement designed to boost security and protect against specific threats. For Linux admins dedicated to maintaining privacy and security, promptly applying this update should be a top priority. The upgraded Linux kernel and Perl implementation address critical vulnerabilities that could expose systems to significant risks. By embracing the streamlined upgrade process, whether automatic or manual, administrators can ensure that their Tails environment remains secure and functional. The focus on retaining Persistent Storage data highlights the careful balance between maintaining security and preserving convenience. Overall, Tails 6.14.2 is a testament to the team's ongoing efforts to safeguard users in an ever-changing environment. Promptly adopting this update will not only fix existing vulnerabilities but also contribute to a more secure and seamless user experience. Staying updated with these critical security enhancements is essential as we continue to navigate a landscape where privacy is continually at risk. . The revised kernel, version 6.1.133, addresses a range of vulnerabilities that could expose critical security risks, thereby safeguarding user data.. Tails OS, Secure OS, Privacy Protection, Kernel Patch, Perl Update. . Brittany Day
Apr 16, 2025
•
Security Projects
210
security advisoryRed Hatremote code executionRed Hat: CVE-2024-36904 critical: kernel remote code execution threat
In a startling revelation, researchers have uncovered a critical vulnerability in the Linux kernel that has remained undetected for seven years, posing a significant threat to the security of Linux systems. This flaw, identified in the core TCP subsystem, results from a race condition in the inet_twsk_hashdance function, which could allow attackers to execute remote code and take over compromised devices. . Linux security administrators should be aware that this vulnerability, tracked as CVE-2024-36904 , impacts several major distributions, including Red Hat Enterprise Linux and Fedora. While real-world exploitation demands precise timing and extensive knowledge of kernel internals, the theoretical danger is substantial. Addressing this vulnerability is paramount for maintaining secure and resilient systems. The bug has been patched upstream, and affected distributions are rolling out updates . Admins must ensure their systems are updated with the latest kernel patches their distro vendors provide. This incident is a crucial reminder of the importance of timely system updates and proactive security practices to protect against long-standing and potentially devastating vulnerabilities. Let's take a closer look at this issue and its potential impact on the security of your Linux systems. I'll also explain how you can determine if you are at risk and measures you can take to secure your systems against CVE-2024-36904 and similar bugs. Understanding This Kernel Vulnerability This vulnerability has its roots in a race condition between two functions in the TCP stack: tcp_twsk_unique() and inet_twsk_hashdance() function. Essentially, a race condition occurs when the output depends on the sequence timing of uncontrollable events, potentially causing unpredictable behavior. In this case, the time-wait TCP socket’s reference counter is initialized only after it has been inserted into a hash table and a lock is released. If another lookup happens before this initialization is complete,the object found will have an uninitialized reference counter. The severity of this issue cannot be overstated. The uninitialized reference counter can trigger various warnings and lead to use-after-free conditions. In practical terms, this opens the door for attackers to manipulate this condition to execute arbitrary code within the kernel space. Kernel-level code execution means that an attacker could gain complete control over the affected system, bypassing all conventional security mechanisms and potentially causing severe damage. Who Is At Risk? The vulnerability affects several widely used Linux distributions, including Red Hat Enterprise Linux and Fedora, potentially affecting millions of systems worldwide. The threat is indiscriminate, impacting both enterprise environments and individual users. However, the complexity of exploiting this vulnerability limits its exploitation to highly skilled attackers with an in-depth understanding of kernel internals and precise timing. Despite the technical barriers to exploitation, the risk remains significant due to the broad deployment of the affected distributions. Systems running outdated kernel versions that precede the recent upstream patch are particularly at risk. This broad spectrum of potential targets means that regardless of the specifics of an individual deployment, failing to apply patches could lead to disastrous consequences should an attacker choose to exploit this vulnerability. The Critical Nature of Kernel Protection The nature of this vulnerability underscores a perennial truth in cybersecurity: the most formidable threats often lie in the most overlooked places. Kernel protections are supposed to guard the core of the operating system against such vulnerabilities, yet when flaws like this go unnoticed, it highlights the limitations of existing defenses. The kernel, being the heart of the system, has access to all hardware and system resources. Therefore, any vulnerability at this level can have catastrophic implications. Protection and Remediation The good news is that there is a solution. In May 2024, this vulnerability was patched upstream, and affected distributions have been rolling out these critical updates. The immediate action required is straightforward: update your systems to the latest kernel versions that contain the relevant security fixes. Delaying these updates only increases the window of opportunity for potential attackers. Vendor-specific updates and advisories should be monitored closely. Red Hat Enterprise Linux and other major distribution maintainers have provided clear guidance on applying these patches, and it is crucial to follow these recommendations promptly. Ensuring that automatic updates are enabled where possible can mitigate the risk of manually updating every system, though manual checks should still be conducted regularly to ensure systems remain up-to-date. Beyond merely applying patches, this incident also serves as a reminder of the broader importance of proactive kernel auditing. Routine checks and balances, coupled with comprehensive use of auditing tools such as Syzkaller, can help identify potential vulnerabilities before they can be exploited. These preemptive measures can significantly enhance system resilience. Lessons Learned The discovery of this vulnerability brings several important lessons to the forefront. First and foremost, it highlights the necessity of consistent and rigorous kernel auditing practices . The ability of a bug like this to remain undetected for seven years is a stark reminder of the depth and complexity of modern operating systems and the constant vigilance required to secure them. Furthermore, the accident of its discovery—researchers found the flaw while trying to reproduce another known bug—highlights the often serendipitous nature of security research. It underscores the importance of extensive testing and fuzzing, not only when dealing with known vulnerabilities but as a routine part of system development and maintenance. The widespread nature of this vulnerability also emphasizes the need for comprehensive patch management policies. With so many systems potentially at risk, ensuring that patches are rolled out effectively and efficiently is critical. This also extends to communication. Keeping users informed about vulnerabilities and the availability of patches helps ensure broad compliance and reduces the overall threat landscape. Finally, this incident reinforces the value of community and collaboration in the open-source world. The rapid identification, disclosure, and patching of this vulnerability were made possible thanks to the collaborative efforts of researchers, developers, and distribution maintainers. This cooperative approach is one of the pillars of open-source security and is essential for addressing the dynamic and evolving challenges in the cybersecurity landscape. Looking Forward: Our Final Thoughts on the Implications of CVE-2024-36904 The Linux community must continue creating an environment that fosters proactive security measures, timely updates, and open collaboration. The cybersecurity landscape is constantly shifting, and the discovery of a seven-year-old vulnerability is an alert that constant vigilance must always be maintained. We Linux security admins have an unmistakable path forward: prioritize updates, engage in rigorous security practices, and stay abreast of new developments and advisories to protect existing and potential vulnerabilities in their environments. By doing this, we can ensure our environments remain protected against known and emerging risks. By learning from this incident and reinforcing proactive security measures, we can ensure a more secure future for all Linux users. . Linux kernel administrators must address CVE-2024-36904 to prevent severe security threats from this long-undetected flaw.. startling, revelation, researchers, uncovered, critical, vulnerability, linux, kernel. . Brittany Day
Feb 12, 2025
•
Security Vulnerabilities
79
kernel patchdata centerperformance boostLinux 6.13 Kernel Patch Enhances Efficiency with Adaptive Polling
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center power consumption by up to 30%. This innovative patch, included in the Linux 6.13 release , enhances the network stack with an adaptive polling mechanism, significantly boosting efficiency and throughput without sacrificing security or performance. This isn't just about power savings—it's about smarter, greener computing that optimizes CPU usage and reduces operational costs. . Traditionally, Linux relies on an interrupt-driven approach for handling network data, which, while fair and effective, can be power-intensive. The new adaptive polling method automatically adjusts to network traffic, polling more during heavy loads and reverting to interrupts when traffic is light. This smart handling increases throughput and drastically cuts power usage—ideal for data center applications handling significant network loads. Let's examine how this development significantly advances more efficient and eco-friendly computing without compromising security or performance. Understanding Traditional Networking in Linux To appreciate the impact of this new kernel tweak, it's essential to understand how Linux traditionally handles network data. Historically, the Linux network stack is governed by an interrupt-driven approach. When network data arrives, the system uses interrupts to signal the CPU, prompting it to pause its current tasks and process the incoming data. This robust method ensures fairness, making it suitable for environments where multiple users run jobs simultaneously. However, it's also power-intensive, as the frequent interrupts keep the CPU constantly engaged, consuming significant energy. The Game-Changer: Adaptive Polling The newly introduced kernel patch fundamentally alters this approach by implementing an adaptive polling mechanism. This system intelligently balances polling and interrupting based on the current networktraffic. During periods of high network traffic, the CPU polls the network for new data immediately after processing the last chunk, effectively reducing the need for interrupts. When the traffic subsides, the system reverts to the interrupt-based approach, conserving energy. What makes this patch particularly appealing is its automatic nature. System administrators and users do not need to tweak settings or configure applications to benefit from this new mechanism. The kernel automatically handles the switch between polling and interrupts, optimizing performance and power usage without manual intervention. Boosting Throughput and Cutting Power Usage The benefits of the adaptive polling mechanism are twofold: an increase in throughput and a significant reduction in power consumption. Initial tests have shown that this approach can boost throughput by up to 45% while cutting power usage by as much as 30%. These gains are particularly beneficial for throughput-heavy applications commonly found in data centers, where handling significant network loads efficiently is crucial. The reduction in power consumption stems from the decreased overhead associated with processing frequent interrupts. The system can conserve energy by minimizing unnecessary CPU wake-ups, resulting in substantial savings when scaled across multiple servers in a data center environment. Understanding the Security and Efficiency Implications Integrating this kernel tweak involves more than just updating the kernel—it's about evaluating the broader implications for system security and efficiency. Keeping your system secure while implementing new features is paramount. Therefore, it's essential to ensure that new kernel updates, including this efficiency tweak, do not introduce vulnerabilities or affect real-time data processing in security-sensitive applications. This mechanism's automatic and adaptive nature demands vigilant monitoring to guarantee it operates within the expected parameters and does not inadvertentlycreate security risks. Regular audits, testing, and monitoring tools become crucial in maintaining optimal performance and security. Planning for Implementation Adopting the newly tweaked kernel requires careful planning and systematic updates . Admins should prepare for a phased rollout to kernel 6.13 or higher, testing the impact on performance and security at each stage. This approach helps identify potential issues early and ensures the system remains stable and secure throughout the transition. Moreover, using open-source monitoring tools is vital in tracking power usage and system performance post-implementation. These tools help verify that the expected benefits, such as reduced power consumption and increased throughput, are realized in practice. Admins can continuously monitor and adjust their systems for specific use cases and workloads. Beyond Networking: Encouraging Broader Efficiency Reviews This kernel tweak underscores the importance of continually reviewing and optimizing software stack efficiencies. While the adaptive polling mechanism specifically targets the network stack, it allows for exploring similar optimizations in other system parts. Admins should conduct broader efficiency reviews, potentially uncovering additional areas where performance can be improved and power consumption reduced. The Road Ahead: Adoption and Impact While the immediate benefits of this kernel tweak are evident, widespread adoption might take some time, particularly among enterprise clients who rely on long-term (LTS) releases. These clients often prefer LTS versions for their stability and extended support, meaning they might need to wait for this efficiency tweak to be incorporated into these releases before benefiting from the power savings and performance boost. Nonetheless, including the adaptive polling mechanism in the Linux kernel marks a significant step in optimizing data center operations. It aligns with the broader industry trend towards more sustainable computing practicesand highlights the ongoing innovation within the open-source community. Specific Considerations for AI and HPC Applications It’s important to note that while this kernel tweak offers substantial benefits for general data center applications, its impact on AI and High-Performance Computing (HPC) workloads might be limited. Many AI and HPC applications rely heavily on remote direct memory access (RDMA) to minimize CPU involvement in network data processing, achieving high efficiency. For these applications, the adaptive polling mechanism may not provide the same level of power savings or throughput improvements. However, administrators can still benefit from adopting the new kernel for other workloads and environments where RDMA is not a primary data transfer method. Our Final Thoughts: Embracing Smart, Eco-Friendly Computing The introduction of adaptive polling in the Linux kernel exemplifies how small, thoughtful changes can lead to significant advancements in efficiency and sustainability. This development allows Linux security administrators to enhance data center performance, reduce operational costs, and contribute to more eco-friendly computing practices. By carefully planning the integration of the new kernel and maintaining vigilant monitoring, we can ensure that our systems remain secure while reaping the benefits of increased throughput and reduced power consumption. This kernel tweak is a testament to the power of innovation within the Linux community and a step towards a more efficient and sustainable future for data center operations. . Unveil an innovative kernel update that boosts performance while reducing energy consumption in server farms through dynamic polling.. Linux Kernel Optimization, Data Center Power Savings, Adaptive Polling Mechanism. . Brittany Day
Jan 31, 2025
•
Security Projects
210
security advisorysecurity updatekernel patchKernel DMA Vulnerability CVE-2024-43856: Critical Update for Linux Admins
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant kernel vulnerability, CVE-2024-43856 . The issue involves race conditions in the dmam_free_coherent() function, which could allow race condition-based attacks against various kernel versions. . In this article, I'll describe this flaw, its potential impacts, and various kernel vendors' attempts to address its risks with security patches. Understanding This Vulnerability This vulnerability lies within a race condition, in which system stability and security depend upon uncontrollable events occurring at random times and sequences. This race condition was discovered within the Linux kernel's dmam_free_coherent() function due to improper operation order when freeing Direct Memory Access allocations and managing associated resources. DMA (Direct Memory Access) is an integral feature that enables hardware devices to directly move data between system memory and hardware devices without going through the CPU, significantly increasing performance and improving overall system reliability. However, if an issue arose with DMA, such as that seen in CVE-2024-43856, this process could become compromised, leading to incorrect memory access, data corruption, unexpected behavior, or even system crashes. Exploitation and Impact An attacker would need to carefully time their operations to coincide with when the kernel is reallocating DMA memory, freeing and reallocating it at specific moments. If successful, devres_destroy() might prematurely free an entry, which causes WARN_ON() assertion errors within dmam_match(), which forms part of the Linux kernel's DMA management subsystem. An exploit of this nature is certainly no simple matter, as it requires an in-depth knowledge of kernel inner workings and the ability to manipulate or anticipate the exact timing of events within a targeted system. A race condition could enable an attacker with such skills towrite arbitrary data into CPU memory - unquestionably posing severe security threats. What Patches & Solutions Are Available? In response to this threat, Greg Kroah-Hartman submitted a patch written by Lance Richardson from Google designed to mitigate DMA allocation vulnerabilities by switching their order of operations within dmam_free_coherent(). Now, this function ensures tracking data structures are deleted using devres_destroy() before freeing the DMA allocation via dma_free_coherent(). Restructuring is essential as it removes the chance that concurrent tasks could interfere with the cleanup process, thus closing a window through which an attacker could exploit a race condition to exploit the vulnerability. This patch received approval from key Linux kernel contributors such as Christoph Hellwig and Sasha Levin for inclusion into the mainline Linux kernel, providing users with assurance regarding its stability and reliability. Admins should implement this patch as soon as possible to safeguard their systems. They can do this via their Linux distribution's package management system using standard package updates, including CVE-2024-43856 fixes. Administrators on Debian-based systems or Red Hat-based servers can utilize commands like apt-get or yum to update kernel packages, with updates automatically downloaded and installed. This makes it simple for even less experienced administrators to secure their servers. After installing a kernel update, a reboot must be performed to activate its effects. Administrators should plan this reboot carefully to minimize impactful disruption to services and users. Our Final Thoughts on This DMA Security Vulnerability CVE-2024-43856 underscores the complexities associated with low-level system administration. Although the Linux kernel is widely recognized for its stability and security , its component modules occasionally exhibit flaws. What sets the Linux community apart is how quickly flaws such as CVE-2024-43856 can be addressed,demonstrated by their proactive development and deployment of patches such as those needed to address CVE-2024-43856. System administrators must remain vigilant in installing kernel updates promptly to protect their Linux systems against potential threats. . The DMA vulnerability in the Linux kernel threatens system integrity and data security, allowing unauthorized memory access. Timely patches are essential to mitigate risks.. Linux Kernel,Patch Management,Direct Memory Access,Kernel Vulnerabilities,Security Flaws. . Brittany Day
Sep 10, 2024
•
Security Vulnerabilities
210
kernel patchsecurity measureslinux kernelProposed Linux Kernel Patch: Disabling CONFIG_DEFAULT_CPU_MITIGATIONS Risks
A proposed Linux kernel patch would provide a new Kconfig build time option of "CONFIG_DEFAULT_CPU_MITIGATIONS_OFF" to build an insecure kernel if wanting to avoid the growing list of CPU security mitigations within the kernel and their associated performance overhead. . While risking system security, booting the Linux kernel with the " mitigations=off " option has been popular for avoiding the performance costs of Spectre, Meltdown, and the many other CPU security vulnerabilities that have come to light in recent years. Using mitigations=off allows run-time disabling of the various in-kernel security mitigations for these CPU problems. A patch proposed this week would provide CONFIG_DEFAULT_CPU_MITIGATIONS_OFF as a Kconfig switch that could optionally be enabled to have the same affect as mitigations=off but to be applied at build-time to avoid having to worry about setting the "mitigations=off" flag. The link for this article located at Phoronix is no longer available. . Turning off CPU security features during the build process through a new Kconfig option may enhance performance but poses potential security threats.. Linux Kernel Patch, CPU Mitigations, Performance Enhancements, Security Risks. . Brittany Day
Feb 13, 2023
•
Security Vulnerabilities
79
kernel patchsecurity enhancementIntelIntel AEX Notify Support For Linux: SGX Enclave Security Enhancement
Future Intel CPUs and some existing processors via a microcode update will support a new feature called the Asynchronous EXit (AEX) notification mechanism to help with Software Guard Extensions (SGX) enclave security. Patches for the Linux kernel are pending for implementing this Intel AEX Notify support with capable processors. . Intel's Asynchronous EXit (AEX) notification mechanism lets SGX enclaves run a handler after an AEX event. Those handlers can be used for things like mitigating SGX-Step as an attack framework for precise enclave execution control. The pending Linux patches confirm the AEX Notify support will be found on upcoming processors (presumably Sapphire Rapids) as well as some existing processors via microcode update. The link for this article located at Phoronix is no longer available. . Intel's AEx (Asynchronous Exit) notification system allows SGX enclaves to execute a designated handler following an AEx occurrence.. Intel AEX, SGX Enclave Security, Linux Kernel Support. . LinuxSecurity.com Team
Nov 19, 2022
•
Security Projects
210
security updatekernel patchIntelRetbleed Issue Resolved: Linux Kernel 5.19 Release Delayed Due To Testing
Linus Torvalds says Retbleed has been addressed in the Linux kernel, but code complexity means the release will be delayed by a week to give more time for testing. . Linux kernel developers have successfully addressed Retbleed, the latest Spectre-like speculative execution attack against older AMD and Intel processors, Linus Torvalds wrote in a message to the Linux Kernel Mailing List on Sunday. However, the difficult repair process means there will be a delay of the release for Linux version 5.19 by a week. "I think we've got the retbleed fallout all handled (knock wood)," Torvalds wrote . The complexity of the fix wasn't the only reason for the release; there were two other development trees that independently asked for an extension. The other trees that needed the extension involve the btrfs filesystems and firmware for Intel GPU controllers. . Kernel engineers successfully addressed the Retbleed issue but postponed the release for additional testing because of the intricate nature of the fixes and additional components required.. Retbleed Fix, Linux Kernel Update, Speculative Attack Mitigation. . Brittany Day
Jul 19, 2022
•
Security Vulnerabilities
79
kernel patchUbuntuLinux updateUbuntu 20.04 Kernel Update Causes System Outages for Docker Users
If you spent the early days of June fighting kernel panics in Ubuntu 20.04, you were not alone – and we now know why. . A problem with a Ubuntu-specific Linux kernel patch early last month rendered many systems, running Docker on that flavor of the operating system unusable, and it probably won't be the last time. The whole debacle can be traced back to a bad distro-specific kernel update for Ubuntu 20.04 — Canonical's long-term support (LTS) release — that started rolling out on or about June 8. Within hours of the patch hitting systems, bug reports began filing in. . A particular update to the Linux kernel in Ubuntu resulted in widespread system failures for many users, highlighting possible dangers in upcoming versions.. Kernel Patch Failure, Docker Compatibility Problems, Linux Kernel Bugs. . LinuxSecurity.com Team
Jul 11, 2022
•
Security Projects
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More