#kernelsecurity — Public Fediverse posts

🔐 New Linux kernel vulnerability disclosed: CVE-2026-46300 “Fragnesia”
A new local privilege escalation flaw affecting Linux XFRM/IPsec components has been identified, related to the same vulnerability class as Dirty Frag and Copy Fail.
We’ve published a brief impact assessment and mitigation guidance for RELIANOID environments.
#Linux #CyberSecurity #KernelSecurity #CVE #InfoSec #RELIANOID
https://www.relianoid.com/resources/knowledge-base/troubleshooting/cve-2026-46300-fragnesia-linux-kernel-vulnerability/

Gentoo's recent "vulnerabilities" read like a bad soap opera: "Copy Fail," "Dirty Frag," and "Fragnesia"—because nothing says secure like a kernel with amnesia. 😂🔑 Maybe next they'll discover "Oopsie-Daisy" and "Whoops-a-Doodle." 🤷‍♂️🐧
https://www.gentoo.org/news/2026/05/19/copy-fail-fragnesia-vulnerabilities.html #Gentoo #Vulnerabilities #SoapOpera #KernelSecurity #TechHumor #LinuxFun #HackerNews #ngated

🔐 “Copy Fail” and “Dirty Frag” are the latest Linux kernel vulnerabilities putting enterprise infrastructures under pressure.

Our latest article explores how kernel-level flaws are reshaping security priorities across cloud, Kubernetes, containers, and production Linux environments.

#Linux #CyberSecurity #KernelSecurity #Kubernetes #DevOps #InfoSec #FOSS #RELIANOID
https://www.relianoid.com/blog/linux-kernel-vulnerabilities-under-pressure-how-they-are-reshaping-enterprise-security-priorities/

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption

#HackerNews #macOS #exploit #AppleM5 #kernelsecurity #memorycorruption #HackerNews

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption

#HackerNews #macOS #exploit #AppleM5 #kernelsecurity #memorycorruption #HackerNews

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption

#HackerNews #macOS #exploit #AppleM5 #kernelsecurity #memorycorruption #HackerNews

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption

#HackerNews #macOS #exploit #AppleM5 #kernelsecurity #memorycorruption #HackerNews

First public macOS kernel memory corruption exploit on Apple M5

https://blog.calif.io/p/first-public-kernel-memory-corruption

#HackerNews #macOS #exploit #AppleM5 #kernelsecurity #memorycorruption #HackerNews

Copy Fail (CVE-2026-31431) is a 4-byte write into the Linux page cache that hands root to any local user in seconds. No race, no ASLR bypass, a 2017 "in-place is faster" optimization in algif_aead, exploitable in 2026 with 732 bytes of Python.
The boundaries that hold are the ones that don't share a kernel: Firecracker, V8 isolates, gVisor. Shared-kernel containers, you have homework.
#LinuxSecurity #KernelSecurity #DevOps

https://open.substack.com/pub/doriandiaconu/p/copy-fail

LWN.net is *thrilled* to announce that #AI is now flooding the kernel security list with *riveting* #reports at an unprecedented rate. 🎉 Who needs #quality when you can have *quantity*, right? 👏 Apparently, robots are the new unpaid interns, churning out security tattle faster than humans can hit "unsubscribe." 🤖📈
https://lwn.net/Articles/1065620/ #LWNnet #KernelSecurity #Quantity #Over #UnpaidInterns #HackerNews #ngated

Got tricked into writing a blog post better explaining the linux kernel's audit system and setting it up in Nix

It's a moving work of art and you should read it; it will look great on your wedding day: https://blog.xvrqt.com/nix-audit.html

#nix #nixos #linux #kernelsecurity

Avances en el curso de #Linux #Hardening! 🚀

Hoy parametrizamos el núcleo para maximizar su seguridad 🤓

Grabé algunas opciones para mitigar ataques de DoS, ICMP/Ping Flooding, y Smurf.

Y para probar los parámetros, nada mejor que armar un lab, realizar los ataques, y ver cómo responde el sistema 🖥️

Se va poniendo interesante!
Alguien interesado/a por acá? 🤗

Los tengo informados!

#KernelSecurity #DoSMitigation #ICMPFlood #SmurfAttack #NetworkSecurity #CyberSecurity #SysAdmin #DevSecOps

🥴 Ah, yes, Rust in the kernel, because what we really need is to sprinkle more coding languages into the tech soup 🍲. Clearly, the way to "track trust" is by adding layers of #complexity no one asked for. Kernel security? Just slap some Rust on it, problem solved! 🙄
https://lwn.net/Articles/1034603/ #RustInKernel #TechSoup #CodingLanguages #KernelSecurity #HackerNews #ngated

🥴 Ah, yes, Rust in the kernel, because what we really need is to sprinkle more coding languages into the tech soup 🍲. Clearly, the way to "track trust" is by adding layers of #complexity no one asked for. Kernel security? Just slap some Rust on it, problem solved! 🙄
https://lwn.net/Articles/1034603/ #RustInKernel #TechSoup #CodingLanguages #KernelSecurity #HackerNews #ngated

🥴 Ah, yes, Rust in the kernel, because what we really need is to sprinkle more coding languages into the tech soup 🍲. Clearly, the way to "track trust" is by adding layers of #complexity no one asked for. Kernel security? Just slap some Rust on it, problem solved! 🙄
https://lwn.net/Articles/1034603/ #RustInKernel #TechSoup #CodingLanguages #KernelSecurity #HackerNews #ngated

🥴 Ah, yes, Rust in the kernel, because what we really need is to sprinkle more coding languages into the tech soup 🍲. Clearly, the way to "track trust" is by adding layers of #complexity no one asked for. Kernel security? Just slap some Rust on it, problem solved! 🙄
https://lwn.net/Articles/1034603/ #RustInKernel #TechSoup #CodingLanguages #KernelSecurity #HackerNews #ngated

Proof-of-work to protect lore.kernel.org and git.kernel.org against AI crawlers

https://social.kernel.org/notice/AsgziNL6zgmdbta3lY

#HackerNews #ProofOfWork #AIProtection #KernelSecurity #OpenSource #Git

Good and interesting presentation by Joe Bialek:

Pointer Problems – Why We’re Refactoring the Windows Kernel:

https://youtube.com/watch?v=-3jxVIFGuQw

#microsoft #windows #kernelsecurity #programming #kernel

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec

I had the pleasure to contribute to Lukas Maar's #USENIX2024 paper "SLUBStick".
SLUBStick elevates limited heap vulnerabilities within the #Linux kernel to arbitrary memory read-and-write primitives, leveraging a timing side channel.
Thanks to Lukas Maar, Martin Unterguggenberger, Mathias Oberhuber and Stefan Mangard for this great opportunity!
Congratulations to Lukas Maar for driving the paper to acceptance at USENIX Security!

You can read the full paper here: https://stefangast.eu/papers/slubstick.pdf

#SLUBStick #Kernel #Linux #KernelSecurity #sidechannel #usenixsecurity #usenixsec