Watch out for any Linux malware sneakily evading syscall-watching antivirus
by Iain Thomson
April 29, 2025
https://www.theregister.com/2025/04/29/linux_io_uring_security_flaw/
| Notes |
|---|
| Linux malware |
| blind spot |
| antivirus |
| io_uring |
| Linux kernel |
| system call |
| syscall monitoring |
| detection |
| ring buffer |
| ARMO - CEO Shauli Rozen |
| PoC |
| Curing https://github.com/armosec/curing |
| disable io_uring if you aren’t using it (attack surface reduction) |
| eBPF |
| `sysctl -w kernel.io_uring_disabled=2` |
| Amit Schendel - head of security research, ARMO |
| visibility |
| Microsoft Defender |
| ChromeOS – disabled io_uring |
| bug bounty |