Linux Users Hit by CrowdStrike Fallout: Kernel Panics Reported

by do son · Published July 23, 2024 · Updated July 23, 2024

Last Friday, the world experienced an unprecedented outage that disrupted multiple industries, including finance, media, transportation, and logistics. Many domestic users also encountered Windows system crashes, affecting their work and propelling the keyword “Microsoft Blue Screen” to the top of online search trends. Microsoft CEO Satya Nadella confirmed that an update to CrowdStrike’s software, “Falcon Sensor,” designed to prevent cyberattacks on computer systems, caused the malfunction of computers running the Windows operating system.

According to The Register, the issue with CrowdStrike is not limited to the Windows operating system. As early as April this year, Linux users had been reporting kernel crash problems related to the same software. The affected users included those running Red Hat Enterprise Linux, Debian Linux, and Rocky Linux. This indicates that the laxity in CrowdStrike’s Falcon Sensor software has persisted for some time.

Reports suggest that the problems impact the underlying Linux kernel, with any Linux distribution running kernel version 5.14.0-42713.1 and later experiencing crashes. The “kernel” of an operating system refers to the layer outside of user interaction, directly connected to the hardware beneath. Generally, very few software programs require kernel access to function, with security software being a notable exception due to the potential for threats to penetrate the kernel layer. However, it remains crucial to ensure that such software does not cause instability or crashes on any target platform’s kernel.

This technical incident highlights that warning signals often precede major issues, and updates intended for enterprises and governments require more rigorous testing to prevent kernel-level crashes. In practical use, most affected users likely do not have administrative access or the knowledge needed to resolve these issues.