Linus Torvalds, the main developer and maintainer of the Linux kernel, issued a security alert via email recommending that developers abandon the first release candidate of the Linux 5.12 kernel, as it is considered insecure.
Although a snowstorm knocked out the software engineer’s command center for virtually the entire past week, the first candidate version for Linux 5.12 was released as expected. However, although thousands of developers managed to get Linux 5.12 on time, Torvalds revealed that this is a flawed version that could cause severe damage to the file system.
“In this merge window, we had a very innocuous cleanup and simplification of code that did not cause any warning signs, although in the end we discovered that it contained a subtle but very dangerous error: paging files stopped working properly,” Torvalds said. The developer mentions that paging was still working, albeit in the wrong part of the file system, resulting in an undesirable scenario for system administrators.
As mentioned in the alert received by some developers, this error was not obvious, so it did not appear in routine testing of the Linux computer: “Paging files are simply not normal, so developers are not guilty of this error.” Torvalds adds that, in the event of this error, the file system could be completely overwritten with arbitrary paging data.
This is an unusually serious error even for the first kernel release candidate versions, which typically include multiple minor bugs that are not a problem for system administrators. However, in this case the flaw turned out to be much more serious than normal, so the Linux team will need to continue working on future kernel releases.
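A defensive check for the condition described above, added here as an example and not taken from Torvalds' alert or the kernel project: it flags a host that runs the first 5.12 release candidate while a swap file (the "paging file" of this article) is active. It assumes that kernel reports a release string beginning `5.12.0-rc1`; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the first 5.12 release candidate reports a
# release string beginning "5.12.0-rc1"; adjust the pattern for custom builds.

# list_swap_files SWAPS_PATH: print every active swap area of type "file".
# /proc/swaps columns: Filename Type Size Used Priority (line 1 is a header).
list_swap_files() {
    awk 'NR > 1 && $2 == "file" { print $1 }' "$1"
}

# is_affected_kernel RELEASE: succeed only for rc1 itself (not rc2, rc10, ...).
is_affected_kernel() {
    case "$1" in
        5.12.0-rc1|5.12.0-rc1[-+]*) return 0 ;;
        *) return 1 ;;
    esac
}

# assess RELEASE SWAPS_PATH: print AT_RISK, AFFECTED_KERNEL_NO_SWAPFILE or OK.
assess() {
    files=$(list_swap_files "$2")
    if ! is_affected_kernel "$1"; then
        echo OK
    elif [ -n "$files" ]; then
        echo AT_RISK                       # swap file in use on the flawed kernel
    else
        echo AFFECTED_KERNEL_NO_SWAPFILE   # only partitions (or no swap) active
    fi
}

# Constructed sample in /proc/swaps layout: one swap file, one swap partition.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Filename    Type        Size     Used  Priority
/swapfile   file        2097148  0     -2
/dev/sda2   partition   4194300  0     -3
EOF
echo "sample host: $(assess 5.12.0-rc1 "$sample")"
rm -f "$sample"

# Live check on the current machine, when /proc/swaps is available.
if [ -r /proc/swaps ]; then
    echo "this host:   $(assess "$(uname -r)" /proc/swaps)"
fi
```

A host reported as `AT_RISK` should have the swap file disabled or the kernel replaced before further use.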