For HomeFor BusinessFor Partners
Industry News
3 min read

Linux Kernel Bugs Can Hide for 20 Years

Silviu STAHIE
Silviu STAHIE

January 09, 2026

Promo
Protect all your devices, without slowing them down.
Free 30-day trial
Linux Kernel Bugs Can Hide for 20 Years

Linux security developer Jenny Guanni Qu has discovered that bugs in the Linux kernel can remain hidden for more than two years, on average. In some cases, certain bugs survived for over 20 years before someone found them.

The Linux developer took a very close look at Linux kernel development, totaling two decades' worth of 125,000 bug-fix commits.

The data revealed that some of the most dangerous bugs won't make themselves known with crashes or obvious failures. Issues in the Linux kernel can linger quietly in cloud infrastructure, enterprise systems, smartphones and billions of connected devices. 

A bug that outlived entire product lines

Among the cases discovered by the comprehensive analysis is a networking bug introduced in 2006 and fixed only in 2025. During that time, Linux evolved through multiple major versions. The problem didn't cause immediate crashes. It was only leaking memory slowly under specific conditions. Systems it affected could appear stable for years, only to degrade or fail under sustained load.

What made the situation ironic was that the code that introduced the bug in the Linux kernel was itself a fix for another issue.

"The irony: Commit d205dc40798d was itself a fix: "[NETFILTER]: ctnetlink: fix deadlock in table dumping". Patrick McHardy was fixing a deadlock by removing a _put() call. In doing so, he introduced a refcount leak that would persist for 19 years," said the researcher. 

Why long-lived bugs are so hard to find

The analysis also showed that the average Linux kernel bug remains hidden for just over two years. But averages also hide obscure extremes, which means that many bugs persist for far longer.

Age only compounds the problem. Large sections of the Linux kernel date back to the early 2000s, and those areas don't often change and rarely attract reviewers.

The research also highlights how partial fixes allow vulnerabilities to survive. Developers sometimes correct the symptom, but don't go after the root cause. While a system might seem patched, some exploits remain. 

Open source is a strength, almost always

Linux's open-source nature has long been viewed as a security advantage, for good reason. It practically means that, with enough eyes on the code, bugs should be few. In reality, the problem is much more nuanced.

While newer bugs are fixed faster than those added a decade ago, the kernel still carries a backlog of ancient flaws.

From an attacker's perspective, long-lived kernel bugs are a formidable attack vector. They have the capability to affect a vast number of systems because distributions share upstream code.

Modern attackers don't rely solely on newly discovered vulnerabilities. In fact, going after old bugs, and reverse-engineering patches are useful when defenders assume some problems are too old to matter.

By the time a vulnerability receives a CVE, attackers may have been using it for quite a while. 

Can machines spot what humans can't?

To mitigate this problem, the researcher developed a machine-learning model known as VulnBERT. Rather than scanning running systems, the model analyzes code changes as they are added to the kernel.

In testing, VulnBERT identified more than 90% of vulnerability-introducing commits while keeping false positives low. And that included that 19-year-old bug.

The model will help developers fine-tune their focus.

According to the researcher, "VulnBERT is a triage tool, not a guarantee. It catches 92% of bugs with recognizable patterns. The remaining 8% and novel bug classes still need human review and fuzzing." 

Frequently Asked Questions

How long do Linux kernel bugs usually remain undiscovered?
On average, Linux kernel bugs remain hidden for about two years, but a significant number persist for five years or longer.

Which kernel bugs are hardest to find?
Race conditions, reference-count errors and memory lifecycle bugs hide the longest.

Are newer Linux kernels safer?
Yes. Newer bugs get fixed faster, but developers still discover and fix vulnerabilities introduced decades ago.

Can machine learning replace human code review?
No. Machine learning works best as a triage tool.

Why should enterprises care about kernel bugs?
Kernel vulnerabilities often enable full system compromise and play a critical role in advanced attack chains.

tags

Industry News

Author

Silviu STAHIE

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.

View all posts

Right now Top posts

Streaming Subscription Scams: What Users Need to Know
Scam

Streaming Subscription Scams: What Users Need to Know

December 18, 2025

3 min read
How Do You Manage Your Passwords? We Ask Netizens
Tips and Tricks How to

How Do You Manage Your Passwords? We Ask Netizens

December 18, 2025

2 min read
Cybercriminals Use Fake Leonardo DiCaprio Film Torrent to Spread Agent Tesla Malware
Threats

Cybercriminals Use Fake Leonardo DiCaprio Film Torrent to Spread Agent Tesla Malware

December 11, 2025

2 min read
What Scares You Most About AI? We Ask Netizens
Scam Tips and Tricks

What Scares You Most About AI? We Ask Netizens

December 11, 2025

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Linux Kernel Bugs Can Hide for 20 Years
Industry News

Linux Kernel Bugs Can Hide for 20 Years
Silviu STAHIE
Silviu STAHIE

January 09, 2026

3 min read
North Korean Hackers Use Phony QR Codes in Phishing Attacks on US Orgs, FBI Warns
Industry News

North Korean Hackers Use Phony QR Codes in Phishing Attacks on US Orgs, FBI Warns
Filip TRUȚĂ
Filip TRUȚĂ

January 09, 2026

2 min read
pcTattletale founder pleads guilty in rare stalkerware prosecution
Industry News

pcTattletale founder pleads guilty in rare stalkerware prosecution
Graham CLULEY
Graham CLULEY

January 09, 2026

2 min read

Bookmarks

loader