The KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) are now available.
grsecurity@grsecurity
Patches are now available, KB article next with links to the combined/split-out patches
English
grsecurity
3.6K posts
grsecurity
@grsecurity
Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsec
Katılım Haziran 2012
1 Takip Edilen8.8K Takipçiler
Patches are now available, KB article next with links to the combined/split-out patches
grsecurity@grsecurity
We'll have updated 5.15 and 6.6 patches available shortly (despite 5.15 being EOL) along with split-out patches available for both 5.15 and 6.6 for those on older kernels who need CONFIG_CRYPTO_USER_API_AEAD enabled (which shouldn't be anyone)
English
We'll have updated 5.15 and 6.6 patches available shortly (despite 5.15 being EOL) along with split-out patches available for both 5.15 and 6.6 for those on older kernels who need CONFIG_CRYPTO_USER_API_AEAD enabled (which shouldn't be anyone)
English
For RHEL/RHEL-derived configurations, this approach will work (the function name has been stable since 2015 and initcall_blacklist has been supported since 2014): news.ycombinator.com/item?id=479565…
English
Don't rely on mitigation suggestions from others floating around: non-readable suid binaries only does something for this specific exploit, it's exploitable in other ways that don't involve suid binaries at all.
English
Under a system with LUKS (af_alg loaded at boot) and a non-RHEL-derived config, exploitation will fail as an unprivileged user as follows:
English
Note that if you're using LUKS, af_alg may be loaded as a module at boot, and if you're using RHEL or a derivative, it builds in CONFIG_CRYPTO_USER_API_AEAD, making MODHARDEN (and the mitigation recommendation from copy.fail) ineffective: oracle.github.io/kconfigs/?conf…
English
As copy.fail (CVE-2026-31431) is a logic flaw, #grsecurity kernels older than our 6.18.21 LTS patch from April 14th with CONFIG_CRYPTO_USER and CONFIG_CRYPTO_USER_API_AEAD built-in or already loaded as a module by a privileged user are affected.
English
Small note regarding the latter stat: it's expected to grow somewhat in the coming months as the Linux CNA still hasn't issued CVEs for the majority of security-relevant fixes from the past few months. Likewise, the former stat will presumably shrink slightly.
English
Our final #grsecurity 5.15 patch is being released today, updated to 5.15.203.
Some final stats: it includes ~1300 security/stability-relevant backports missing from upstream 5.15 LTS as well as fixes for 195 CVEs lacking fixes upstream.
English
grsecurity retweetledi
Our report for March 2026 is out, with the main news being that gccrs will be presenting a talk at Rustconf 2026! We look forward to the event!
rust-gcc.github.io/2026/04/13/202…
English
It's now available!
grsecurity@grsecurity
We expect our 6.19 beta to be available for testing within the next two weeks.
English
Preparatory patches: github.com/NVIDIA/open-gp…
Full Kbuild support: github.com/NVIDIA/open-gp…
#grsecurity compatibility: github.com/NVIDIA/open-gp…
English
Today, @_minipli has submitted patches for the NVIDIA open gpu kernel modules that implement full Kbuild support, paving the way for CFI, KASAN/UBSAN, and our many compiler plugins.
Running AI workloads with NVIDIA GPUs no longer means weakening kernel security.
Links below 👇
English
grsecurity retweetledi
Qualys Threat Research Unit (TRU) discovered CrackArmor: 9 AppArmor flaws impacting 12M+ Linux systems since 2017. These enable root access & container breakouts.
Patch your kernels now! Details: bit.ly/4s2c3O4
#Linux #Cybersecurity #CrackArmor"
English
We expect our 6.19 beta to be available for testing within the next two weeks.
English
grsecurity retweetledi
Here is our report for the first month of 2026, with an interesting little dive into a name resolution problem we fixed this month :)
rust-gcc.github.io/2026/02/10/202…
English