[jjjeffrey]

At the bottom there are two lines that taken together really confuse me:

    <grsecurity> If you're running Linux 3.4 or newer and enabled CONFIG_X86_X32 , you need to disable it or update 
    immediately; upstream vuln CVE-2014-0038

and

    <grsecurity> In case there's confusion, this vuln is not about 32bit userland on 64bit (CONFIG_X86_32), but the new X32 
    ABI.  Ubuntu enables it recently

Does the second line affect the first? EDIT: I ask because it looks like I need to fix my kernel, but I'd rather be lazy if possible.

[elwin]

CONFIG_X86_X32 and CONFIG_X86_32 are different.

The first one, with the second X, enables the new X32 ABI. The second one, without the second X, is the "32bit userland on 64bit".

[harshreality]

x32 is a separate abi, distinct from the normal 64-bit and 32-bit abis.

Most distros don't use it, most don't even offer an x32 install image, but if they enable the kernel option for the x32 abi even without intending to use it, they're vulnerable.

If you're using the x32 abi, either you're using it on purpose, or your distro happens to offer an x32 install image and you downloaded it by accident instead of the normal 32-bit image you probably wanted. In all other cases it should be safe enough to disable the kernel option.

[lambda]

Does "grep CONFIG_X86_X32 /boot/config-`uname -r`" give you any results which aren't commented out? If it does, you're at risk; if not, nothing to worry about (at least, with regards to this vulnerability).