Are all Linux vendor kernels insecure? A new study says yes, but there’s a fix

All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels?

I believe the article is specifically talking about delays in patching older vendor kernels, LTS versions shipped with Debian or Leap. This is not an issue when using rolling release distros like TW or Arch, I would think: as soon as a new stable kernel is released, Factory on OBS builds a new kernel with SUSE’s own patches/configs and it is shipped out to end users quite fast.

I’m on Slowroll and it too gets kernel updates without delays.

“Security” is a broad topic, and a layered approach is and has always been necessary when building systems.

In this respect, it’s not “Linux kernels”; it’s pretty much all operating systems. Even operating systems that have TCSEC status have security vulnerabilities in them.

The question posed by SJVN in the title, in my opinion, is somewhat absurd - zero-day exploits always exist. Code is written by people, and people make mistakes or overlook possible ways that the code they write can be misused.

The points raised are certainly valid, but they do overlook the fact that in the overall security picture, kernel vulnerabilities are only one aspect of the overall security picture.

