CISOOnline

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

As Levin pointed out in a recent post, when a vulnerability is found, “fleets stay exposed until a patched kernel is built, distributed and rebooted into. For many such issues, the simplest mitigation is to stop calling the buggy function.” In the same post, he and a colleague also provided a proposed implementation of such a kernel kill switch.

“For most users,” Levin pointed out, “the cost of ‘this socket family stops working for the day’ is much smaller than the cost of running a known vulnerable kernel until the fix lands.”

The proposal comes at a time when several high-severity Linux vulnerabilities have been discovered, including Copy Fail (CVE-2026-31431), a logic bug that lets users easily obtain root access, and Dirty Frag, which abuses weaknesses in how the Linux kernel handles fragmented memory pages. The Dirty Frag attack combines two separate vulnerabilities affecting the Linux IPsec Encapsulating Security Payload (ESP) subsystem (CVE-2026-43284) and the RxRPC networking protocol (CVE-2026-43500).

Security forum users opposed

The proposal has set off a furious debate among infosec pros. For example, in the r/cybersecurity Reddit forum, it’s been called a “terrible idea,” “ridiculous,” “absolutely terrifying,” and “just too risky.”
