Security considerations with using old kernel



  • I don't understand too well how the Linux kernel interacts with the user space programs that I typically interact with so pardon my ignorance with these questions:

    I understand that Android device manufacturers implement their drivers in userspace and do not open source them, so it is very difficult to update a device's kernel from the version it originally shipped with without breaking all of the drivers. What are the security implications of using an old kernel in this way? For example, the Nexus 5 uses kernel 3.4 which was last updated in 2015 (according to https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/). Have any major vulnerabilities in the kernel been discovered since then that are relevant to Ubuntu Touch and is it feasible to backport fixes for them?

    OTA-4 got Ubuntu Touch onto a 16.04 base, so I assume that everything besides the kernel gets supported security patches from Canonical (other than the Ubuntu Touch specific bits). The main Ubuntu 16.04 used kernel 4.4. Are there any problems with using it on an older kernel?



  • @wsha I think that's a very good question for the next Q&A (https://forums.ubports.com/topic/1665/q-a-36-this-saturday-15-09-at-19-00-utc)


Log in to reply
 

Looks like your connection to UBports Forum was lost, please wait while we try to reconnect.