grsecurity
@grsecurity.bsky.social
Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsec
Our 6.18 #grsecurity LTS release, to be supported through at least the end of 2028, is now available!
January 28, 2026 at 12:21 AM
Our 6.18 #grsecurity LTS release, to be supported through at least the end of 2028, is now available!
Just sent out our year end wrap-up mail to customers. It's a bit bigger than usual, so grab yourself some Swiss Miss and enjoy!
If you didn't receive it, but should have, just reach out and we'll make sure you're on the list.
Happy holidays!
If you didn't receive it, but should have, just reach out and we'll make sure you're on the list.
Happy holidays!
December 16, 2025 at 7:47 PM
Just sent out our year end wrap-up mail to customers. It's a bit bigger than usual, so grab yourself some Swiss Miss and enjoy!
If you didn't receive it, but should have, just reach out and we'll make sure you're on the list.
Happy holidays!
If you didn't receive it, but should have, just reach out and we'll make sure you're on the list.
Happy holidays!
6.18 has been selected as the next #grsecurity stable kernel version, to be supported through the end of 2028, one year longer than the upstream LTS EOL date of Dec 2027.
December 4, 2025 at 11:51 PM
6.18 has been selected as the next #grsecurity stable kernel version, to be supported through the end of 2028, one year longer than the upstream LTS EOL date of Dec 2027.
Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.
June 26, 2025 at 10:59 PM
Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.
Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation
May 23, 2025 at 12:52 PM
Nice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation
It's now available!
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
February 24, 2025 at 7:42 PM
It's now available!
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
February 19, 2025 at 8:44 PM
We expect our 6.13 #grsecurity beta to be available within the next two weeks.
Our 6.12 #grsecurity beta is now available to beta testers for testing
January 16, 2025 at 9:13 PM
Our 6.12 #grsecurity beta is now available to beta testers for testing
Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!
If you've never heard of "paging-structure caches" before, check it out!
December 23, 2024 at 4:21 PM
Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers
If you've never heard of "paging-structure caches" before, check it out!
If you've never heard of "paging-structure caches" before, check it out!
We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
November 5, 2024 at 7:00 PM
We need to post a correction to yesterday's eBPF performance numbers:
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him.
The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s)
Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
November 4, 2024 at 8:46 PM
Performance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!
Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...
Check it out here: grsecurity.net/cross_proces...
October 19, 2024 at 10:09 AM
Johannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year.
Check it out here: grsecurity.net/cross_proces...
Check it out here: grsecurity.net/cross_proces...
A new version of paxctld (1.2.6) is now available for download!
September 25, 2024 at 5:18 PM
A new version of paxctld (1.2.6) is now available for download!