As he identified in a latest put up, when a vulnerability is discovered, “fleets keep uncovered till a patched kernel is constructed, distributed and rebooted into. For a lot of such points, the best mitigation is to cease calling the buggy perform.” In his put up, Levin and a colleague additionally supplied a proposed model of a kernel kill swap.
“For many customers,” Levin identified, “the price of ‘this socket household stops working for the day’ is way smaller than the price of operating a identified weak kernel till the repair lands.”
The proposal comes at a time when a number of excessive severity Linux vulnerabilities have been found, together with Copy Fail (CVE-2026-31431), a logic bug which lets customers simply acquire root entry, and Soiled Frag, which abuses weaknesses in how the Linux kernel handles fragmented reminiscence pages. The Soiled Frag assault combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Safety Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500).
Safety discussion board customers opposed
The proposal has set off a livid debate amongst infosec professionals. For instance, within the r/cybersecurity Reddit discussion board, it’s been known as a “horrible concept,” “ridiculous,” “completely terrifying,” and “simply too dangerous.”
