Linux developers weigh emergency “killswitch” for vulnerable kernel functions
Linux developers weigh emergency “killswitch” for vulnerable kernel functions
https://www.helpnetsecurity.com/2026/05/11/linux-kernel-emergency-killswitch/
Publish Date: 2026-05-11 08:55:00
Source Domain: www.helpnetsecurity.com
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime.
The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the public disclosure of two privilege escalation vulnerabilities affecting the Linux kernel.
What prompted the proposal
The impetus for the proposal is explicit: the patch’s selftest references Copy Fail (CVE-2026-31431), a nine-year-old local privilege escalation flaw in the AF_ALG cryptographic socket interface disclosed by researchers at Theori on April 29.
The flaw allows an unprivileged local user to write four controlled bytes into the kernel page cache of any readable file, reliably achieving root without needing to win a race condition.
Copy Fail’s disclosure process was chaotic: Linux kernel developers were notified in advance and had time to work on a fix, but various Linux distributions were still working on issuing patched kernel packages when Theori researchers published a working proof-of-concept exploit.
Dirty Frag was publicly disclosed on May 7 by researcher Hyunwoo Kim, who privately reported CVE-2026-43284 and CVE-2026-43500, which together “make” Dirty Frag, to kernel maintainers on April 29–30.
But when a patch for CVE-2026-43284 got merged on May 5, it didn’t take long for another researcher to analyze it, create a working exploit, and publish it, forcing Kim to proceed with public disclosure before the agreed-upon embargo window ended.
(The researcher in question didn’t know about the embargo. “The work is n-day weaponization from a public upstream commit, which is standard practice once a security-relevant fix lands in a public tree,” he noted.)
Copy Fail demonstrated that due to a poor understanding of the intricacies of the process, even well-intentioned disclosure can leave distros scrambling. Dirty Frag demonstrated…
