- Maintainers proposed a kill mechanism to temporarily disable vulnerable kernel functions at runtime via securityfs.
- The feature aims to mitigate high severity flaws like Copy Fail and Dirty Frag until patches arrive, although it risks system instability.
- It is under community review and is considered an interim measure, not a substitute for proper patching.
The Linux kernel could soon get a new feature that serves as temporary protection against high-severity vulnerabilities until patches are deployed.
One of the co-maintainers of the stable Linux kernel, Sasha Levin, recently proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel feature.
That way, if security researchers discover vulnerable code in the future, users can quickly tell the kernel not to use it. The feature would not fix the underlying problems, but since the disabled function would return an error, it could prevent the vulnerability from causing serious damage before a proper patch is deployed.
Good idea, but does it work?
If adopted, the feature would be available through the kernel’s securityfs interface, allowing administrators to enable kill switches for specific functions that would render them immediately unusable. The change would take effect at runtime and remain active until disabled or until the system is rebooted.
On paper, the idea sounds good. In practice, there are many challenges and moving parts to address. Disabling a function could disrupt the entire system or crash other parts. It could also introduce additional vulnerabilities.
Therefore, it is important to note that the feature is not intended for general use. It’s also worth mentioning that this feature cannot replace patching.
Still, it could be a solid first aid kit to prevent further escalation of high severity vulnerabilities.
According to Linuxiac, the idea for the proposed patch came after the disclosure of two critical Linux kernel vulnerabilities: Copy Fail and Dirty Frag. The first was discovered in early March 2026 and grants malicious actors privileged access across all major Linux distributions. The latter, on the other hand, was discovered at the end of last week. It was also a zero-day that allowed root privileges, but at the time of its disclosure it was not patched, making it extremely dangerous.
The new feature is currently being reviewed by the Linux community and has not yet been introduced.




