Latest Linux and open source news from around the web

Ubiquiti UniFi U6+ Sponsored · View on Amazon → Docker Deep Dive Sponsored · View on Amazon →
LWN.net

[$] Topics in filesystem testing

It should come as no surprise that a gathering of filesystem developers would discuss filesystem testing; it has been a mainstay of the Linux Storage, Filesystem, Memory Management, and BPF Summit over the years and the 2026 summit was no exception. Ted Ts'o led the discussion this time; he had a few different topics to raise, including his perception of increasing regressions for ext4 in the stable kernels and what can be done to help reduce them. As with other similar sessions at the summit over the years, there is a lot of interest in collaborating on test inputs and outputs, but finding a way to centralize that information has so far eluded the filesystem community.

LWN.net

Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog)

The SUSE Security Team Blog has a post with an analysis of seunshare, which is used by SELinux to confine untrusted programs. During a review of version 3.10 of the program, the team identified two local Denial-of-Service (DoS) vectors. Since seunshare is supposed to run on SELinux-enabled systems, it is important to understand what kind of privilege escalation can be achieved when vulnerabilities are exploited in a setuid-root binary like this. Many SELinux-enabled systems, such as Fedora and openSUSE, ship with the "targeted" SELinux policy by default. This policy is focused on confining well-known system services, but assigns an unconfined SELinux context to interactive users by default to achieve a balance between security and usability. There is currently no domain transition from the unconfined domain to the more restricted seunshare_t defined in the SELinux policy for seunshare. This means the execution of seunshare continues in the unconfined domain. Thus in the context of atta

LWN.net

[$] Lockless MPSC FIFO queues for io_uring

Processes that use io_uring tend to keep a lot of balls in the air; being able to have many operations underway at any given time is part of the point of that API in the first place. The io_uring subsystem must, as a result, keep track of a lot of tasks that have to be performed at the right time. In current kernels, io_uring uses a standard kernel linked-list primitive to track those work items. As of the 7.2 kernel release, though, io_uring will, instead, use a new lockless, multi-producer, single-consumer (MPSC) queue, resulting in some notable performance gains. Lockless algorithms tend to be tricky, but the one used here is relatively approachable and shows how these algorithms can work.

LWN.net

Security updates for Wednesday

Security updates have been issued by AlmaLinux (cifs-utils, corosync, cups, freerdp, git-lfs, go-fdo-client and go-fdo-server, go-toolset:rhel8, kernel, kernel-rt, libinput, libxml2, nginx:1.24, openssl, pacemaker, perl-DBI:1.641, php8.4, python-pillow, python3, and python3.12), Debian (grub2, libxfont, opam, and wolfssl), Fedora (freerdp, kernel, and prometheus), Mageia (imagemagick), Oracle (buildah, freerdp, gimp, kernel, nginx, openexr, openssl, perl-DBI, podman, vim, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (python3.12), SUSE (afterburn, buildah, busybox, enc, freetype2-devel, go1.25, go1.25-openssl, go1.26-openssl, gosec, grafana, helm, krb5, kubernetes-old, libopenbabel8, libxml2, libxml2-16, nasm, openssl-3, patch, python-Authlib, python-mistune, python-soupsieve, python-sqlparse, python3-dulwich, python313-Pillow, rootlesskit, sbootutil-1, tomcat, and tomcat11), and Ubuntu (alsa-lib, dnsmasq, gnutls28, libheif, linux-aws, linux-fips, linux-lts-xenial, linux-gcp-

LWN.net

Many old shim versions are still accepted by secure boot

The CMU CERT Coordination Center has put out an advisory that many exploitable versions of the shim binary, used to boot Linux on systems with UEFI secure boot enabled, were never added to the revocation list. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Code executed during this early boot phase may achieve persistent compromise of the platform, including the ability to load unsigned or malicious kernel components that can survive system reboots and, in some cases, operating system reinstallation. The advisory contains a list of vulnerable shims.

Phoronix

Ubuntu 26.04 LTS vs. Windows 11 vs. CachyOS Performance On A $5399 Laptop

Earlier this month on Phoronix I reviewed the Razer Blade 18 RZ09-0582 as the first laptop Razer is certifying for Linux use via Canonical's hardware certification program for Linux. It offered very nice performance with the Intel Core Ultra 9 290HX Plus and NVIDIA GeForce RTX 5090 graphics albeit costly with a configured price of $5399 USD. That review featured benchmarks on Ubuntu 26.04 LTS but for those wondering about the performance of Ubuntu against Windows 11 on this gaming/AI developer laptop, here are comparison benchmarks plus also tossing in the rolling-release CachyOS distribution.

Phoronix

Vocalinux 0.14 Beta Released For Offline Voice Dictation / Speech-To-Text On Linux

Ubuntu 26.10 is notably working on laying the foundation for a context-aware desktop and their initial deliverable being worked on is Myna as a speech-to-text solution for the Linux desktop. Interestingly there is already a promising voice dictation / speech-to-text solution for the Linux desktop called Vocalinux that continues advancing and is usable right now for those looking at their own speech-to-text desktop solution...

Phoronix

FreeBSD Laptop Support Continues Improving With WiFi, GPU & Audio Driver Work

The FreeBSD Foundation's Laptop Support and Usability Project, which has received more than $750k USD in funding to improve the experience of FreeBSD on laptops, is out with its newest monthly progress report. A lot continues to happen for improving the FreeBSD laptop story, which in many aspects also benefits FreeBSD on the desktop too...