Follow @Openwall on Twitter for new release announcements and other news

Linux kernel patch from the Openwall Project (historical)

View the latest README and the FAQ (both are also included in the archives below).


These and older versions of the patches are also available from the Openwall file archive.

Follow this link for information on verifying the signatures.

This is a historical project. For a related (yet very different) currently active project, see Linux Kernel Runtime Guard instead.

Contributed resources:

February 19, 2010
Linux is out. The patch additionally includes a post- fix for FAT filesystems.

November 15, 2009
Linux is out. The kernel fixes a number of security-related bugs.

October 25, 2009
Linux is out. The kernel fixes a number of information leak vulnerabilities. One of these was already fixed in (see below), and the remaining ones may or may not affect specific systems depending on both kernel and userspace configuration.

August 23, 2009
Linux is out. The kernel adds a fix for the Linux NULL pointer dereference due to incorrect proto_ops initializations (CVE-2009-2692), which was not exploitable into privilege escalation as long as the vm.mmap_min_addr restriction was enabled and working. There have been no known issues with vm.mmap_min_addr in recent kernels (the "personality" trick mentioned below does not count because it required a vulnerable SUID-root program). In our patched kernels, vm.mmap_min_addr is enabled by default. More importantly, Linux adds a fix for the sigaltstack local information leak affecting 64-bit kernel builds (CVE-2009-2847).

August 3, 2009
Linux is out. The kernel integrates a replacement for the "personality" hardening measure introduced in

July 20, 2009
Linux is out. The kernel release adds the "-fno-delete-null-pointer-checks" option to gcc invocations, which is important to reduce the impact of a class of kernel bugs (which are yet to be found and fixed individually, but are known to exist in general), adds several security-relevant fixes to the RTL-8169 NIC driver, and makes other assorted changes. The Linux kernel patch introduces an additional security hardening measure where the kernel will no longer allow the "personality" feature (which is needed to support some program binaries from other operating systems) to be abused to bypass the vm.mmap_min_addr restriction via SUID-root programs with a certain class of design errors in them. Similar changes were introduced into 2.6.x kernels recently.

July 7, 2009
Linux is out. The kernel release adds several bug fixes, including security-relevant ones.

May 24, 2009
Linux is out. Linux, compared to 2.4.35-ow2, adds numerous security-relevant fixes to various kernel subsystems. Additionally, functionality of the restricted zero page mappings feature in has been revised to apply on top of the vm.mmap_min_addr sysctl introduced in mainstream 2.4 kernels, and the documentation has been revised accordingly.

August 14, 2007
Linux 2.4.35-ow2 is out. This revision adds a fix for the parent process death signal vulnerability in the Linux kernel discovered by Wojciech Purczynski of COSEINC PTE Ltd. and iSEC Security Research (CVE-2007-3848). It also adds two security hardening features, both enabled by default: restricted access to VM86 mode (specific to 32-bit x86) and restricted zero page mappings (generic).

August 7, 2007
Linux 2.4.35-ow1 is out. The single known security-relevant change added with Linux 2.4.35 is correction of the randomness pool update bug discovered by the PaX Team.

December 27, 2006
Linux 2.4.34-ow1 is out. Linux 2.4.34 includes a number of security fixes for issues that either have minor impact or are in subsystems that are not commonly used in ways that would expose the security issues.

August 16, 2006
Linux 2.4.33-ow1 is out.

November 26, 2005
Linux 2.4.32-ow1 is out.

June 3, 2005
Linux 2.4.31-ow1 is out. The changes since 2.4.30-ow3 are unimportant for most users.

May 12, 2005
Further analysis shows that on Linux 2.4.30 and above running on x86, the impact of CAN-2005-1263 is limited to DoS. On 2.4.x kernels older than 2.4.30 and/or on other architectures (including x86-64), privilege escalation via this bug appears to actually be possible.

May 12, 2005
Linux 2.4.30-ow3 is out. This version adds a fix to the ELF core dump vulnerability (CAN-2005-1263) discovered by Paul Starzetz, as well as a fix to an x86-64 DoS vulnerability (from Linux 2.4.31-pre1). Linux 2.2.x starting with 2.2.21-ow2 and 2.0.x kernels are unaffected.

April 8, 2005
Linux 2.4.30-ow1 is out.

January 20, 2005
Linux 2.4.29-ow1 is out. Linux 2.4.29, and thus 2.4.29-ow1, adds a number of security fixes, including to the x86/SMP page fault handler (CAN-2005-0001) and the uselib(2) (CAN-2004-1235) race conditions, both discovered by Paul Starzetz. The potential of these bugs is a local root compromise. The uselib(2) bug does not affect default builds of Linux kernels with the Openwall patch applied since the vulnerable code is only compiled in if one explicitly enables CONFIG_BINFMT_ELF_AOUT, an option introduced by the patch.

November 20, 2004
Linux 2.4.28-ow1 is out. Linux 2.4.28, and thus 2.4.28-ow1, fixes a number of security-related bugs, including the ELF loader vulnerabilities discovered by Paul Starzetz (confirmed: ability for users to read +s-r binaries; potential: local root), a race condition with reads from Unix domain sockets (local root), and smbfs support vulnerabilities discovered by Stefan Esser (confirmed: remote DoS by a malicious smbfs server; potential: remote root by a malicious smbfs server).

August 14, 2004
Linux 2.4.27-ow1 is out.

August 4, 2004
Linux 2.4.26-ow3 is out. This corrects the access control check in the Linux kernel which previously wrongly allowed any local user to change the group ownership of arbitrary NFS-exported/imported files (CAN-2004-0497) and adds a workaround for the file offset pointer races discovered by Paul Starzetz (CAN-2004-0415).

June 19, 2004
Linux 2.4.26-ow2 is out. This update fixes multiple security-related bugs in the Linux kernel (those discovered by Al Viro using "Sparse", fsave/frstor local DoS on x86, infoleak in the e1000 driver, and some others) as well as two non-security bugs in the patch itself. Please refer to the announcement for detailed information on the changes.

April 17, 2004
Linux 2.4.26-ow1 and 2.0.40-ow1 are out.

Linux 2.4.26 (and thus 2.4.26-ow1) fixes an integer overflow vulnerability in processing of the MCAST_MSFILTER socket option discovered by Paul Starzetz. When properly exploited, the bug would lead to a local root compromise. Also included in this kernel release is a fix for the ext3/XFS information leak discovered by Solar Designer, and a number of other relatively minor fixes.

Linux 2.0.40 (and thus 2.0.40-ow1), compared to Linux 2.0.39-ow3, eliminates an information leak via ICMP messages.

March 1, 2004
Linux 2.2.26-ow1 is out and includes more verbose reporting of returns onto stack.

February 21, 2004
Linux 2.2.25-ow2 is out and includes a workaround for the second mremap(2) system call vulnerability discovered by Paul Starzetz. It also includes the /dev/rtc information leak fix (see the news item from January 5, below) and other minor fixes. Upgrading of existing Linux 2.2.x installs is strongly recommended.

February 20, 2004
Linux 2.4.25-ow1 is out. Upgrading of existing 2.4.23-ow2 and 2.4.24-ow1 installs is not strictly required for most users as 2.4.23-ow2+ patches already included a kernel bug fix which was later determined to be security-critical and needed to avoid the second mremap(2) system call vulnerability discovered by Paul Starzetz and made public two days ago.

January 8, 2004
Linux 2.4.24-ow1 is out. Upgrading of existing 2.4.23-ow2 installs is not required.

January 5, 2004
Linux 2.4.23-ow2 adds fixes for two Linux kernel vulnerabilities. One of the vulnerabilities, discovered by Paul Starzetz, is in incorrect handling of a boundary case in mremap(2) system call. When properly exploited, this vulnerability may allow any local user and any process to execute arbitrary code with kernel privileges and thus gain root access and bypass restrictions such as cap-bound. More trivial exploits of the same vulnerability result in an instant reboot (local DoS). This vulnerability does not affect Linux 2.2.x and older kernels. The other vulnerability has been discovered by Russell King and results in the real time clock drivers leaking small amounts of kernel internal data to user-space applications via the /dev/rtc device. Such data might be security-sensitive. All of Linux 2.0.x, 2.2.x, and 2.4.x are affected, provided the /dev/rtc device is readable to untrusted users (it isn't on Owl).

November 29, 2003
Linux 2.4.23 (and thus 2.4.23-ow1) includes a fix to a vulnerability in the brk(2) system call discovered by Andrew Morton. When properly exploited, this vulnerability may allow any local user and any process to execute arbitrary code with kernel privileges and thus gain root access and bypass restrictions such as cap-bound. Linux 2.2.x and 2.0.x are not affected.

Additionally, Linux 2.4.23-ow1 makes the reporting of returns onto stack more verbose and makes the kernel retry attempts to open the root filesystem device if the first attempt fails.

July 6, 2003
Linux 2.4.21-ow2 adds fixes for two Linux kernel vulnerabilities recently discovered by Paul Starzetz. One of the vulnerabilities allows for substitution of SUID/SGID programs on Linux 2.4.x (but not 2.2.x or 2.0.x), thereby leaking their elevated privileges. On older Linux kernels, the impact of this vulnerability is limited to dumping the contents of unreadable SUID/SGID programs. The other vulnerability gives users read access to the environment of SUID/SGID programs they run.

June 15, 2003
Linux 2.4.21 (and thus 2.4.21-ow1) adds numerous security fixes, including to the kmod/ptrace race previously fixed in 2.2.25 and many 2.4.x-specific vulnerabilities (ioperm(2) allowing unauthorized direct access to certain I/O ports, O_DIRECT information leaks, excessive CPU consumption with networking, and more).

March 20, 2003
Linux 2.2.24 and 2.2.25 (and thus 2.2.25-ow1) add a number of security fixes: for the kmod/ptrace race, "Etherleak", and a local DoS with mmap(2) of /proc/<pid>/mem files. Please refer to the Owl change log for information on the vulnerabilities and how they affect Owl.

November 27, 2002
Linux 2.2.22-ow2 improves the "lcall" DoS fix for the Linux kernel to cover the NT (Nested Task) flag attack discovered by Christophe Devine.

September 10, 2002
Linux 2.2.21-ow2 includes many security fixes for issues with the Linux kernel discovered during code reviews by Silvio Cesare, Solar Designer, and others.

March 3, 2002
Linux 2.2.20-ow2 fixes an x86-specific vulnerability in the Linux kernel discovered by Stephan Springl where local users could abuse a binary compatibility interface (lcall) to kill processes not belonging to them (including system processes).

November 3, 2001
Linux 2.2.20 adds a workaround for a vulnerability with certain packet filter setups and SYN cookies where the packet filter rules could be bypassed. Additionally, 2.2.20-ow1 moves even more of the support for combined ELF/a.out setups (in particular, uselib(2) and its related a.out library loaders) under the configuration option introduced with 2.2.19-ow4.

October 22, 2001
Linux 2.2.19-ow4 fixes a symbol export issue introduced with 2.2.19-ow3 and moves the support for ELF executables which use an a.out format interpreter (dynamic linker) into a separate configuration option (disabled by default). No upgrade from 2.2.19-ow3 is necessary.

October 18, 2001
Linux 2.2.19-ow3+ fixes two Linux kernel vulnerabilities discovered by Rafal Wojtczuk. Please refer to the Owl change log for information on the vulnerabilities and how they affect Owl. Of the two newly discovered vulnerabilities, Linux 2.0.39-ow3 is only affected by the DoS.

March 26, 2001
Linux 2.2.19 is another important security update. Please upgrade to at least 2.2.19-ow1 or 2.0.39-ow3.

Quick Comment: