'For many such issues the simplest mitigation is to stop calling the buggy function. Killswitch provides that': Experts propose Linux kernel "killswitch" following worrying recent security issues

• Maintainers proposed a killswitch mechanism to temporarily disable vulnerable kernel functions at runtime via securityfs
• The feature aims to mitigate high‑severity flaws like Copy Fail and Dirty Frag until patches arrive, though it risks system instability
• It’s under community review, positioned as a stopgap measure—not a replacement for proper patching

The Linux kernel could soon get a new feature that serves as a temporary safeguard against high-severity vulnerabilities until patches are deployed.

One of the Linux stable kernel co-maintainers, Sasha Levin, recently proposed a new patch that would allow system administrators to temporarily disable a vulnerable kernel function.

That way, if security researchers discover malicious code in the future, users would be able to quickly instruct the kernel not to use it. The feature would not address underlying issues, but since the function would return an error, it could prevent the vulnerability from causing ...