Foundational security for the Linux kernel. Solving the most difficult memory unsafety problems. Created by @opensrcsechttps://bsky.app/profile/grsecurity.bsky.socialhttps://bsky.app/profile/grsecurity.bsky.social/post/3mkqdxrbb6s2bThe KB article with links to the combined/split-out patches for 5.15 and 6.6 (adapted to grsecurity) are now available. [contains quote post or other embedded content]30 Apr 2026 19:29 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3mkqdxrbb6s2bhttps://bsky.app/profile/grsecurity.bsky.social/post/3mkppeftdvk26Updated 5.15 and 6.6 patches are now available. We're now preparing a KB article with more guidance than shared in last night's email with links to combined/split-out patches for both 5.15 and 6.6 for those on older kernels who need CONFIG_CRYPTO_USER_API_AEAD enabled (which shouldn't be anyone)30 Apr 2026 13:20 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3mkppeftdvk26https://bsky.app/profile/grsecurity.bsky.social/post/3mko6hbg4h226Creating a separate post so more people see this: the mitigation recommended by Theori.io for copy.fail *WILL NOT WORK* for any RHEL or RHEL-derived distro, including CentOS, Fedora, Oracle, and Alma as the vulnerable code is built-in.29 Apr 2026 22:45 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3mko6hbg4h226https://bsky.app/profile/grsecurity.bsky.social/post/3mhg673ajw22qToday, Mathias Krause of our team has submitted patches for the NVIDIA open gpu kernel modules that implement full Kbuild support, paving the way for CFI, KASAN/UBSAN, and our many compiler plugins. Running AI workloads with NVIDIA GPUs no longer means weakening kernel security. Links below 👇️19 Mar 2026 14:03 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3mhg673ajw22qhttps://bsky.app/profile/grsecurity.bsky.social/post/3mdgyubvtpc2tOur 6.18 #grsecurity LTS release, to be supported through at least the end of 2028, is now available!28 Jan 2026 00:20 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3mdgyubvtpc2thttps://bsky.app/profile/grsecurity.bsky.social/post/3ma4vyaj3t22eJust sent out our year end wrap-up mail to customers. It's a bit bigger than usual, so grab yourself some Swiss Miss and enjoy! If you didn't receive it, but should have, just reach out and we'll make sure you're on the list. Happy holidays!16 Dec 2025 19:46 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3ma4vyaj3t22ehttps://bsky.app/profile/grsecurity.bsky.social/post/3m7762lxjy22g6.18 has been selected as the next #grsecurity stable kernel version, to be supported through the end of 2028, one year longer than the upstream LTS EOL date of Dec 2027.04 Dec 2025 23:51 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3m7762lxjy22ghttps://bsky.app/profile/grsecurity.bsky.social/post/3lska3unkgc26Quick reminder that our 6.8 short-term stable kernel goes EOL at the end of this month. Some stats: over the period of a year, it included over 1500 security/stability-relevant backports.26 Jun 2025 22:59 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3lska3unkgc26https://bsky.app/profile/grsecurity.bsky.social/post/3lptodrc7us2xNice demo: tested a vulnerable Ubuntu 22.04 system for glibc CVE-2025-4802 using Solar Designer's PoC adapted to Ubuntu (replace any occurrence of "myhostname" with "mdns4_minimal"). Even an old #grsecurity 5.4.96 kernel from February 8 2021 prevented exploitation23 May 2025 12:52 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3lptodrc7us2xhttps://bsky.app/profile/grsecurity.bsky.social/post/3lix47e67xc2vIt's now available! [contains quote post or other embedded content]24 Feb 2025 19:42 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3lix47e67xc2vhttps://bsky.app/profile/grsecurity.bsky.social/post/3likne5rons2xWe expect our 6.13 #grsecurity beta to be available within the next two weeks.19 Feb 2025 20:44 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3likne5rons2xhttps://bsky.app/profile/grsecurity.bsky.social/post/3lhc7b6itgk2uhttps://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w03 Feb 2025 18:46 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3lhc7b6itgk2uhttps://bsky.app/profile/grsecurity.bsky.social/post/3lfv73yrd3k2cOur 6.12 #grsecurity beta is now available to beta testers for testing16 Jan 2025 21:13 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3lfv73yrd3k2chttps://bsky.app/profile/grsecurity.bsky.social/post/3ldydlaihx224Slides for Pawel's H2HC presentation this month on the TLB are now available on grsecurity.net/papers If you've never heard of "paging-structure caches" before, check it out!23 Dec 2024 16:21 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3ldydlaihx224https://bsky.app/profile/grsecurity.bsky.social/post/3la7w4oq3ns2eWe need to post a correction to yesterday's eBPF performance numbers: Mathias Krause wasn't happy with just a 30x speedup and took a look at one final bottleneck that was bothering him. The speedup over vanilla is now 747x 🤯 (5.27s vs 1h5m40s) [contains quote post or other embedded content]05 Nov 2024 19:00 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3la7w4oq3ns2ehttps://bsky.app/profile/grsecurity.bsky.social/post/3la5lksyyzo2pPerformance isn't the enemy of security: we care about both. Today's patches finish off a set of security/performance improvements to eBPF. Below we show a ~30x speedup vs vanilla in running the eBPF selftests with every single #grsecurity option enabled!04 Nov 2024 20:46 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3la5lksyyzo2phttps://bsky.app/profile/grsecurity.bsky.social/post/3l6uajehunh2cJohannes Wikner has published a detailed walkthrough of the first cross-process Spectre exploit against a real target, an attack he developed in part during his internship with us last year. Check it out here: https://grsecurity.net/cross_process_spectre_exploitation19 Oct 2024 10:09 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3l6uajehunh2chttps://bsky.app/profile/grsecurity.bsky.social/post/3l4yncmotgz2eA new version of paxctld (1.2.6) is now available for download!25 Sep 2024 17:18 +0000at://did:plc:myv67aiiyl5g4a262cet5dab/app.bsky.feed.post/3l4yncmotgz2e