A Huawei engineer has contributed a patch to the Linux kernel, aiming to bolster the security of the widely deployed open source project. The patch was called “Huawei kernel self protection” (HKSP), and it allegedly featured various security-hardening options for the Linux kernel. Considering that it came from a controversial entity, the Linux kernel team thoroughly scrutinized the patch and found that it contained a “trivially exploitable vulnerability.” The discovery was the work of “GRSecurity,” an entity that has been contributing security-hardening patches to the Linux kernel for a long time.

GRSecurity has even provided proof-of-concept (PoC) code showing how an unprivileged user can exploit the vulnerability. They called the HKSP patch a risk that creates new attack surface and introduces more problems than it attempts to solve in the first place. Naturally, this discovery sparked rumors about the contributor's intentions, about a long-shot goal on Huawei's part to weaken the security of the Linux kernel, and more. Huawei responded by saying that its employee contributed on his own and that the company had no involvement in this action whatsoever.