- Maintainers proposed a killswitch mechanism to temporarily disable vulnerable kernel features while running via securityfs
- The feature aims to fix high-severity bugs like Copy Fail and Dirty Frag until patches arrive, although it risks system instability
- It is under community review, placed as a stopgap measure – not a substitute for proper patching
The Linux kernel may soon get a new feature that serves as a temporary protection against high-severity vulnerabilities until patches are deployed.
One of the Linux stable kernel co-maintainers, Sasha Levin, recently proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel feature.
That way, if security researchers discover malicious code in the future, users will be able to quickly instruct the kernel not to use it. The feature does not fix underlying problems, but since the feature would return an error, it could prevent the vulnerability from causing serious damage until a proper patch is implemented.
Good idea, works (not)?
If adopted, the feature would be available through the kernel’s securityfs interface, allowing administrators to enable killswitches for specific features that would render them immediately unusable. The change takes effect at runtime and remains active until disabled or until the system is rebooted.
On paper, the idea sounds good. In practice, there are many challenges and moving parts to address. When a feature is disabled, it can disrupt the entire system or break down other parts. It can also introduce additional vulnerabilities.
Therefore, it is important to note that the feature is not intended for general use. It is also worth mentioning that this feature cannot serve as a replacement for patching.
Still, it could be a solid first aid kit to prevent further escalation with serious vulnerabilities.
According to Linuxiaccame the idea for the proposed patch after the disclosure of two critical Linux kernel vulnerabilities – Copy Fail and Dirty Frag. The former was discovered in early March 2026, giving malicious actors privileged access across all major Linux distributions. The latter, on the other hand, was discovered at the end of last week. It was also a zero-day that allows root privileges, but at the time of disclosure it did not have a patch which made it extremely dangerous.
The new feature is currently being reviewed by the Linux community and has not yet been introduced.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
