- Maintainers proposed a killswitch mechanism to temporarily disable vulnerable kernel functions when running via securityfs.
- The feature aims to mitigate high-severity vulnerabilities such as Copy Fail and Dirty Frag until patches arrive, although it risks system instability.
- It is under community review, positioned as an interim measure and not a replacement for proper fixes.
The Linux kernel could soon benefit from a new feature that would serve as temporary protection against high-severity vulnerabilities until patches are deployed.
One of the co-maintainers of the stable Linux kernel, Sasha Levin, recently proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel feature.
This way, if security researchers discover malicious code in the future, users can quickly tell the kernel not to use it. The feature would not fix the underlying issues, but because it would return an error, it could prevent the vulnerability from causing serious damage before a suitable patch is deployed.
Good idea, does it work (not)?
If adopted, the feature would be available through the kernel’s securityfs interface, allowing administrators to enable killswitches for specific functions, making them immediately unusable. The change would take effect at runtime and remain active until it is disabled or the system restarts.
On paper, the idea seems good. In practice, there are many challenges and moving parts to overcome. When a feature is disabled, it can disrupt the entire system or cause other parts to crash. This could also introduce additional vulnerabilities.
Therefore, it is important to note that this feature is not intended for general use. It’s also worth mentioning that this feature cannot replace patches.
Still, it could be a solid first aid kit to prevent further escalation with high-severity vulnerabilities.
According to Linuxiacthe idea for the proposed patch came after the disclosure of two critical Linux kernel vulnerabilities – Copy Fail and Dirty Frag. The first was discovered in early March 2026, granting malicious actors privileged access to all major Linux distributions. The latter, on the other hand, was discovered at the end of last week. It was also a zero-day file that allows root privileges, but at the time of its disclosure it did not have a patch, making it extremely dangerous.
The new feature is currently under review by the Linux community and has not yet been introduced.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
