Kconfig-Hardened-Check - A Tool For Checking The Hardening Options In The Linux Kernel Config

Motivation There are plenty of Linux kernel hardening config options. A lot of them are not enabled by the major distros. We have to enable these options ourselves to make our systems more secure. But nobody likes checking configs manually. So let the computers do their job!...

CVE-2019-5023

An exploitable vulnerability exists in the grsecurity PaX patch for the function readkmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version...

PaX read_kmem Denial of Service Vulnerability

pax is a patch for Linux that is designed to improve system security by preventing the exploitation of memory corruption vulnerabilities. A security vulnerability exists in the grsecurity PaX patch in PaX. An attacker can exploit the vulnerability to cause a system crash memory leak...

Linux 2.6.x fs/pipe.c local root exploit

No description provided by source. For those who were not yet aware, there is at least 3 public exploits since 11/05/2009 for CVE-2009-3547 targeting all linux kernels from 2.6.0 to 2.6.31 included. Since spender and fotis have already release their own, there is not need for us to keep this on o...

CVE-2007-0253

Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expandstack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function the...

Grsecurity Kernel Patch 1.9.4 (Linux Kernel) - Memory Protection

Grsecurity Kernel Patch 1.9.4 Linux Kernel - Memory Protection source: https://www.securityfocus.com/bid/4762/info An attacker with root access may be able to write to kernel memory in spite of the security patch provided by grsecurity. The patch operates by redirecting the write system call, whe...