Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by Open Source Security, Inc.

RE: https://infosec.exchange/@grsecurity/116575045401792453

We've just published a Knowledge Base article with more information about the vulnerability, current published/unpublished exploits, and current mitigations. We still recommend patching ASAP.

Multiple suid binary targets, please do not rely on individual ones you see posted as effective mitigations. Current exploits are only gaining read access to [/]etc[/]shadow, but can't guarantee read/write to something useful isn't possible.

RE: https://infosec.exchange/@grsecurity/116574872357950375

Exploits are now appearing targeting pidfd, which is forced into all Linux kernels since 5.10 (2020). There is no module or initcall to blacklist this time, so you must patch ASAP!

RE: https://infosec.exchange/@grsecurity/116574524156524104

We've just sent a mail to all customers notifying them of this issue, with split-out fixes available for 5.15, 6.6, and 6.18. We'll share more information on our Knowledge Base as it becomes available.

The commit message makes no mention of it, but we believe the goal of exploiting the vulnerability would be to target a suid root binary that drops its privileges while retaining privileged access to a file on exit, a file that an unprivileged user could gain access to via the vuln.

We've uploaded new patches for 5.15, 6.6, and 6.18 to address an obfuscated upstream Linux logic vulnerability that should exist in all kernel versions: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a
ptrace: slightly saner 'get_dumpable()' logic - kernel/git/torvalds/linux.git - Linux kernel source tree

We've published a detailed KB article for customers on the two vulnerabilities involved in Dirty Frag and the associated public exploits, feel free to reach out with any questions.

RE: https://infosec.exchange/@grsecurity/116493859237230837

The KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) is now available.

Updated 5.15 and 6.6 patches are now available. We're now preparing a KB article with more guidance than shared in last night's email, with links to combined/split-out patches for both 5.15 and 6.6 for those on older kernels who need CONFIG_CRYPTO_USER_API_AEAD enabled (which shouldn't be anyone).

For RHEL/RHEL-derived configurations, this approach will work (the function name has been stable since 2015 and initcall_blacklist has been supported since 2014): https://news.ycombinator.com/item?id=47956504
How about blacklisting algif_aead initialization function on RHEL 9/10? I added ... | Hacker News
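A host check for the algif_aead mitigation discussed in the posts above, added here as an example (not grsecurity's code or the HN poster's). It assumes the initcall in crypto/algif_aead.c is named algif_aead_init and that the kernel config is readable at /boot/config-$(uname -r) or /proc/config.gz; the `report` function is hypothetical glue for running the checks on a live host.

```shell
#!/bin/sh
# Added example. Determines whether the user-space AEAD interface (algif_aead)
# is reachable on this kernel, or has been kept out by config or by
# initcall_blacklist on the kernel command line.
# Assumption: the algif_aead initcall is named algif_aead_init.

# Print how CONFIG_CRYPTO_USER_API_AEAD is set in the given config text:
# "y" (built-in), "m" (module) or "n" (not set / disabled).
aead_api_setting() {
    printf '%s\n' "$1" | awk '
        /^CONFIG_CRYPTO_USER_API_AEAD=/ { sub(/.*=/, ""); print; found = 1; exit }
        END { if (!found) print "n" }'
}

# Return 0 if the command line text has an initcall_blacklist= entry that
# names algif_aead_init (the parameter takes a comma-separated list).
initcall_blacklisted() {
    printf '%s\n' "$1" | tr ' ' '\n' \
        | grep -Eq '^initcall_blacklist=(.*,)?algif_aead_init(,.*)?$'
}

# Return 0 when algif_aead cannot come up: disabled outright, or built-in
# but with its initcall blacklisted. A module build (=m) is reported as
# reachable here; a modprobe blacklist would have to be checked separately.
aead_api_mitigated() {
    case "$(aead_api_setting "$1")" in
        n) return 0 ;;
        y) initcall_blacklisted "$2" ;;
        *) return 1 ;;
    esac
}

# Hypothetical glue: read the live config and /proc/cmdline and report.
report() {
    cfgfile="/boot/config-$(uname -r)"
    if [ -r "$cfgfile" ]; then cfg=$(cat "$cfgfile")
    elif [ -r /proc/config.gz ]; then cfg=$(zcat /proc/config.gz)
    else echo "kernel config not found; cannot assess" >&2; return 2; fi
    cmd=$(cat /proc/cmdline)
    setting=$(aead_api_setting "$cfg")
    if aead_api_mitigated "$cfg" "$cmd"; then
        echo "CONFIG_CRYPTO_USER_API_AEAD=$setting: algif_aead not reachable"
    else
        echo "CONFIG_CRYPTO_USER_API_AEAD=$setting: algif_aead reachable; patch or blacklist"
        return 1
    fi
}

if [ "${1:-}" = "--check" ]; then report; fi
```

Run with `--check` on the host; a non-zero exit means the interface is still reachable and the kernel still needs the patch.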