CIQ

Frozen Kernels: Vendor Kernels, Bugs, and Stability

June 6, 2024

A roundtable discussion with the authors of the whitepaper titled “Vendor Kernels, Bugs and Stability.” The paper is intended to put numbers around an open secret in the Linux community: that vendor kernels are inherently insecure and that the current engineering process makes securing those kernels impossible. Instead, the paper argues, consuming upstream stable kernels affords much greater protection from the security vulnerabilities that are routinely backported in error into vendor kernels.

The paper’s authors maintain that “this creates a strong incentive” for customers who are concerned with keeping their systems secure to subscribe to and use a stable kernel instead of a vendor kernel. “We believe that the only realistic way for a customer to know they run a kernel that is as secure as possible is to switch to a stable kernel branch.”