Linux May Drop Old Network Drivers Now That AI-Driven Bug Reports Are Causing A Burden
Posted by anh0516@reddit | linux | 108 comments
Li0n-H3art@reddit
Well that kinda sucks
LuckyHedgehog@reddit
Not really. In all likelihood these were or would have been exploited in the real world, regardless of what tool was used to discover it. Better to discover and address it sooner than later
anh0516@reddit (OP)
These are device drivers. There's only a chance of exploiting them on a system where the kernel modules in question are loaded, which is very few in this case.
MorallyDeplorable@reddit
Not every driver is a module, plenty are compiled in on all kinds of distros
You don't want an exploit that's as simple as "plug in a device that maliciously pretends to be a NIC with a bad driver"
There's no realistic benefit imaginable to keep dragging this cruft forwards
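The distinction drawn in the comments above (a driver that is compiled in, one that is currently loaded, and one that only sits on disk waiting to be autoloaded) can be checked per machine. This is an added example, not part of the Reddit thread; it assumes the standard `/proc/modules`, `modules.builtin` and `modules.dep` files, and the function names `has_module` and `driver_status` are made up here.

```shell
#!/bin/sh
# Added example: classify a driver by how exposed it is on this machine.
#   builtin  - compiled into the kernel image; modprobe.d rules have no effect
#   loaded   - loadable module that is resident right now
#   loadable - on disk only; the kernel can autoload it when a device that
#              matches its aliases shows up, unless modprobe.d forbids it
#              (e.g. "blacklist NAME" or "install NAME /bin/false")
#   absent   - not shipped with this kernel build

# has_module FILE NAME -> exit status 0 if NAME is listed in FILE.
# One parser covers all three formats: the first field (split on space or
# ':') is either a bare module name or a path ending in NAME.ko[.zst|.xz|.gz].
has_module() {
    [ -r "$1" ] || return 1
    awk -F'[ :]' -v want="$2" '
        {
            n = $1
            sub(/.*\//, "", n)           # drop the directory part
            sub(/\.ko(\..*)?$/, "", n)   # drop .ko and any compression suffix
            gsub(/-/, "_", n)            # the kernel treats - and _ alike
            if (n == want) found = 1
        }
        END { exit !found }' "$1"
}

# driver_status NAME [BUILTIN_FILE] [PROC_MODULES] [MODULES_DEP]
# The optional file arguments exist so the check can be run against copies
# taken from another system; the defaults describe the running kernel.
driver_status() {
    rel=$(uname -r)
    name=$(printf '%s' "$1" | sed 's/-/_/g')
    builtin=${2:-/lib/modules/$rel/modules.builtin}
    loaded=${3:-/proc/modules}
    dep=${4:-/lib/modules/$rel/modules.dep}

    if has_module "$builtin" "$name"; then
        echo builtin
    elif has_module "$loaded" "$name"; then
        echo loaded
    elif has_module "$dep" "$name"; then
        echo loadable
    else
        echo absent
    fi
}

# Usage: sh driver_status.sh 3c509 3c59x
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(driver_status "$d")"
done
```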
PGleo86@reddit
Ludicrous statement.
If a bad actor has physical access to the device, it should be considered compromised.
Dr_Hexagon@reddit
Not really. They might have access to a network port but the physical case might be locked in a way they aren't willing to break and they might only have physical access for a few minutes.
If they have access to the entire motherboard for unlimited time then it should be considered compromised.
MorallyDeplorable@reddit
"If a bad actor has physical access to the device, it should be considered compromised." < this advice is 20 years old and was not ever intended to be used as justification to simply not try to secure things. You're regurgitating outdated advice in a situation it was never intended to apply to.
Numerous technologies exist to protect integrity of devices even when an unknown or malicious actor is accessing them, keeping things like vulnerable drivers around flies in the face of those efforts and technologies.
PGleo86@reddit
For what it's worth, I agree that the drivers should go if they've got gaping vulnerabilities and no maintainers to fix them - that doesn't mean that physical security isn't as important as digital security at other levels. The statement may be old, but that doesn't make it untrue or unimportant.
MorallyDeplorable@reddit
Nobody was saying physical security isn't important but using physical security as a crutch to not implement common sense software security is silly, which is the only reason I can see for you to bring that up.
It's also untrue as a hard rule, plenty of modern systems have proper code integrity and signing, RAM encryption, FDE encryption, etc... These are real security layers that exploitable drivers have the potential to bypass. Things that "lol China can steal your laptop and just swap ICs" won't even break, but bad drivers can. Security measures that are available on consumer and workstation-level platforms, even. Most modern cell phones have security to a level that disproves the notion that physical access means compromised.
Stuff like fTPM and per-part attestation/signing puts the kinds of attacks you're worried about in the "maybe theoretical for a state actor" range and firmly within the "Some goon with a wrench is going to beat the keys out of the holder before they bother cracking" range.
"Physical compromise = software compromise" is the kind of advice that's given to a grandparent to help them understand the risks of signing into their e-mail from a library PC. It's not actionable at a technical level.
Deliphin@reddit
As soon as they have hardware access, any USB rubber ducky can spit out whatever keyboard inputs and do whatever they want. Or they could pop on a little device into the NIC that sniffs packets. Or they could just steal the drive and walk off with data. Or a billion other things that are literally unstoppable.
Hardware access = Total access.
DemonInAJar@reddit
This is completely false. Where would the keyboard inputs go? This requires explicitly enabling unauthenticated access to a terminal and this is also assuming there is one running, there are Linux distros with almost no userspace. Sniff what packets? It is trivial to TLS and even tunnel traffic. There is also boot attestation and TPM disk encryption.
MorallyDeplorable@reddit
Everything you said is either directly wrong or reductive to the point of being directly wrong
Dr_Hexagon@reddit
No, it's quite possible to make hardware using an RPi or similar that fakely pretends to be one of these old network cards to use an exploit.
RandomFleshPrison@reddit
"Linux kernel developers either can ignore the AI-driven reporting or begin removing old drivers to avoid the excess reports for drivers where there are likely few to no one using an upstream kernel on old computer hardware relics."
I vote for the first option.
Frexxia@reddit
You can't just ignore them when they're pointing out legitimate issues.
RandomFleshPrison@reddit
If they're being spammy, why not? We ignore anything else that is spammy, even if it's/they're pointing out legitimate issues. Besides, who has verified these issues are all legitimate?
i-hate-birch-trees@reddit
It's not that they're "spammy", it's that LLMs have the ability to read all the code and find issues in all the code, while human researchers only ever focus on frequently used parts or parts that are likely to be exploited in the wild. The spamming in question is just highlighting how badly unmaintained and vulnerable the code of these modules is, and since no human is willing to step up to fix them (because I'm assuming there's simply no actual users left, or the few that exist are not willing to step up or even say anything about it) removal is a logical choice here.
RandomFleshPrison@reddit
Software developers absolutely go over every line of code, not just a subset of it. Why are you assuming LLMs have 100% accuracy and 0% redundancy? Have you used these LLMs, or audited their results?
i-hate-birch-trees@reddit
Why are you putting words in my mouth? My company has an AI reviewer in the CI pipeline, it's not 100% accurate, but it's still very useful. When you read a review report it's usually pretty obvious if there's an actual issue.
Software developers go over every line when they're writing it or trying to modify it, but I'm talking about the code that was left alone for 15 years without anyone touching it, because it has no users and no utility - I really doubt someone with necessary knowledge of the kernel and C routinely goes through all that code just to see if there are issues with it.
RandomFleshPrison@reddit
"but I'm talking about the code that was left alone for 15 years without anyone touching it, because it has no users and no utility"
Can you verify it has no users and no utility? And yes, software developers check old code, not just what they're writing or modifying. Technically SDeTs and STEs do it, but it absolutely gets done.
i-hate-birch-trees@reddit
Have you read the post? They're literally asking if anyone is using it and/or willing to step up to maintain it.
Sure, on occasion, and as we're seeing here they've missed these issues for a decade.
RandomFleshPrison@reddit
So no, you can't verify it. Just say so.
F54280@reddit
You think you are conflating earlier AI spam and hallucinations with recent Mythos output, which is supposedly capable to come with the actual exploit too.
RandomFleshPrison@reddit
Supposedly. What about actually?
MatchingTurret@reddit
You don't have a vote in this.
_w62_@reddit
A good way to pay technical debt and move on. When you let go of something old, you have more room for something new.
i860@reddit
This mentality is everything wrong with today’s software engineering approaches.
_w62_@reddit
I am saying this because I see C++ standards. Tries to add new features while remaining compatible all the way back to the very original K&R C.
I am seeing this as encouraging because we don't have to maintain very old hardware drivers. Even though I have had very good experiences with 3Com LAN cards, particularly 3c509, it is time to let it go.
Let it die an honorable death is the final salute that can be bestowed.
FastHotEmu@reddit
another way to look at it when you choose something new and unproven you also take on risks - not to mention create e-waste - and support enshittified products
Kevin_Kofler@reddit
Linux going for planned obsolescence is a really worrying trend. There has been more code removed recently, e.g., support for 486 CPUs, and more drivers. And all because of the darn AI slop! Most of the "security bugs" reported by AIs are not even real! AI slop bug reports should just be ignored instead of dropping working code and desupporting hardware that people still use.
vaynefox@reddit
Then why don't you volunteer to maintain it. They wouldn't remove it if there are people willing to maintain those old hardware....
"Talk is cheap, show me the code" - Linus Torvalds
Kevin_Kofler@reddit
These drivers need no maintenance at all. That hardware has not changed for decades. They just need to leave these drivers alone.
vaynefox@reddit
They found vulnerabilities on those drivers and no one wants to patch them. If you just leave those vulnerable drivers in the kernel then you're just inviting someone to exploit it since both those bad actors and the kernel dev team are using the same tools to find vulnerabilities in the kernel....
Kevin_Kofler@reddit
The alleged vulnerabilities are just AI slop. Most of the time, those alleged vulnerability reports are purely hallucinated nonsense.
F54280@reddit
https://adam.holter.com/claude-mythos-hacked-linux/
dnu-pdjdjdidndjs@reddit
this isn't nearly as true anymore
even for the lazy chuds submitting ai output without understanding anything the reports typically end up pointing to genuinely bad/problematic code even if the model hallucinates a nonexistent exploit
you can take the curl dev's word for it
Financial-Day5602@reddit
Most of the time? Source? Or you made that up?
Existing-Tough-6517@reddit
The kernel can change around the driver requiring maintenance and they have to keep fixing bugs especially security bugs in it
Albos_Mum@reddit
Not to mention, they typically will outright say the intention to drop support and then wait a kernel release or two to actually do it specifically so users still using the old hardware can speak up. In a number of now-historical cases, this has resulted in the deprecation being dropped for a time.
granadesnhorseshoes@reddit
I appreciate the sentiment but a LOT of this really is just "dead" code. Intel themselves dropped support for 486 before Linux did. Also we still have LTS branches for all the old hardware that IS still chugging along. Just because the main branch does it, doesn't mean the whole ecosystem drops it overnight.
Realistically all the drivers they are talking about removing are for ISA and PCMCIA. The newest hardware manufactured for those buses was something like 2003. So the most recent hardware this affects is 23 years old.
Sorry-Committee2069@reddit
I will point out that there's still industrial boards being made that have 486 CPUs on them, in those weird trimmed-down SoC configurations. PCMCIA also held on a lot longer than you'd think, it was still included on a few machines until 2010-ish.
Existing-Tough-6517@reddit
The companies so reliant can pony up then
nullptr777@reddit
Yeah I have a hard time feeling a lot of sympathy there lol. If you're gonna rely on a 35 year old CPU architecture the least you can do is assign one engineer to kernel maintenance.
Corporate leeching has got to be the worst thing about open source.
nicman24@reddit
then the manufacturers ought to support it in kernel
granadesnhorseshoes@reddit
Sure, but as SoCs they require different and specific support beyond the 486 CPU code that was removed, and may not have ever had Linux support without those additional drivers (from or with the explicit help of the MFG) for the other parts of the SoC.
And machines that still have PCMCIA bus support no doubt still exist, but they aren't talking about removing PCMCIA bus support itself. Just a bunch of ancient network drivers that used it and haven't been manufactured in over 20 years.
Kevin_Kofler@reddit
Of course they did, they want to sell you a new CPU! This is exactly what planned obsolescence is about!
granadesnhorseshoes@reddit
Intel didn't drop 486 support until 2007, so I wouldn't shit on them too hard. Intel knows business and industrial uses butter their bread so on the back end they have staggeringly long support lifetimes for binary compatibility of their processors.
Sorry-Committee2069@reddit
It's not even completely dropped, new 486 machines are still being made today. They're on Digikey, for industrial purposes. It's just not Intel making them, as the 486 is dirt cheap to make on even ancient chipfab machines.
Dalemaunder@reddit
The 486 was released in 1989, you really think that’s planned obsolescence?
A computer running hardware that old can happily keep running without the latest kernel, or hobbyist groups can maintain a driver that isn’t mainlined anymore.
This is one of the benefits of open source, if support for a nearly 40 year old CPU’s driver is dropped then you have all the power in the world to add it back.
froli@reddit
That's not even what planned obsolescence is
Fr0gm4n@reddit
This is just plain ol' obsolescence. Far too many people use planned obsolescence completely incorrectly.
dnu-pdjdjdidndjs@reddit
that doesn't sound scary enough
The__Toast@reddit
I would be really shocked if you've seen either one of these in a piece of in-use consumer hardware in the last fifteen years, even in developing parts of the world.
I'm really not one of these people that thinks any tech that's more than a year old is ancient, but PCI had started to replace ISA by like 1995, which is more than thirty years ago.
At some point it's simply not economical to support stuff, and basically impossible to actually test any code changes.
Scout339v2@reddit
Someone fill me in on how AI can drive bug reports please.
james_pic@reddit
AI can, when given the right prompt by a capable security engineer, search a codebase for potential security vulnerabilities, which the security researcher can then verify and report. The security researcher is still an important part of the process, but AIs don't get bored, so can be more effective at the "find the needle in this haystack" part of security research.
AI can also, when given the wrong prompt by a clueless and lazy bug bounty hunter, hallucinate reams of scary sounding bullshit that contains no actual findings, but makes maintaining a driver a thankless task, burning out maintainers.
It's hard to say which factor is most significant, but both are happening.
i-hate-birch-trees@reddit
LLMs are excellent at code review/analysis, they are much better than static analysis tools we had so far. It does what humans don't usually do - reads all the code, even ancient parts like these drivers that haven't been touched in over 10 years probably, and points out potential issues.
ZorbaTHut@reddit
Yeah, it's frankly gotten superhuman at reading code.
I had a weird threading race condition that I couldn't even isolate to a specific system. I had a test that reproduced it, but every time I tried simplifying the test, the bug went away. Asked AI, it chugged over the codebase for like twenty minutes and found exactly where the issue was. Didn't even have to write diagnostic code or run the tests.
I can't do that.
This really is an impressive strength of its.
i-hate-birch-trees@reddit
Yup, there are two things I can't not use an LLM anymore (and in my case it's my ollama with Qwen) - generating boring boilerplate code, like a massive if/then/else tree or a regular expression and code review. I think the quality of my PRs grew a lot since I made a habit of running a review before every major one.
F54280@reddit
You must have been living under a bridge for the last two weeks. Google something called Mythos.
For instance:
https://nerds.xyz/2026/04/firefox-ai-bug-hunting/
asm_lover@reddit
It's an unfortunate reality in this age as these tools are getting pretty good year over year.
I would frankly suggest something like an UNMAINTAINED/UNSAFE text file with all the drivers that are insecure or unmaintained but work. And then distro maintainers can decide whether to include them or not in their kernel builds.
Intrepid-Treacle1033@reddit
Read 3C509 cards driver is going, now that's a HW product number I recognize. One of my earliest IT jobs as an extra while studying was replacing old ether coax to a hub network using these cards (connected to a Novell server using IPX). Then upgrading again replacing hubs with switches all the time using 3Com 509 family of cards. Must have touched thousands of those cards over the years.
Also remember all the dust I breathed from cable runs and crawling under desks.
Radium@reddit
But... are newer ones going to actually be any less vulnerable honestly? lol
i-hate-birch-trees@reddit
If they're maintained - yes.
Jman43195@reddit
I'm disappointed to see the 3c59x driver be dropped, as it includes some very common PCI cards that still have AUI on them
BZ852@reddit
I'm guessing if someone stepped in to offer to maintain them, they wouldn't be dropped. Having known exploitable code in the kernel seems bad.
zeno0771@reddit
Indeed, that statement had already been made:
algaefied_creek@reddit
Ah I see. Use the AI to detect errors, solve by removal of driver instead of using the AI that found the problem to fix the problem.
james_pic@reddit
Unless the AI also has the relevant hardware to test the fixes, it's not going to be up to the job.
Existing-Tough-6517@reddit
The detection is done by a different person who isn't qualified and or interested in the task.
You are assuming that the finding of such bugs somehow creates the obligation of bringing about your desired fix. Meanwhile you, an interested party, aren't willing to pay for this to be done
algaefied_creek@reddit
Exactly. It’s a form of sarcasm called “sardonic”
MorallyDeplorable@reddit
You're being a bit optimistic on what AIs can do there
algaefied_creek@reddit
I was being snarky. Classic Redditsnark.
It made more sense before I deleted a 10 year old account a few years ago.
Anyway, you are definitely right: https://www.reddit.com/r/Anthropic/comments/1ss3m0p/mythos_accessed_by_unauthorized_users_is_this_a
Pyryara@reddit
Dunno - if it is known exploitable code that can only run when you have some super rare cards, it's not something in-the-wild-exploits will be developed against? Is it really better to have the cards not work at all vs. them working with possible exploits? Some people still install Linux for offline machines, for example.
Ginden@reddit
Exploitable USB card can be used to escalate access: put RPi that identifies as obscure card, trigger vulnerable code.
polycro@reddit
You haven't lived unless your first access point in 2001 was a 486 mobo tied to a silver ORiNOCO via an ISA to PCMCIA adapter.
PrimaryTale@reddit
Started with linux on a 386 and ka9q to forward network traffic to dual channel isdn card/adapter. wild times.
VirtualDenzel@reddit
486 in 2001? Wow, that sounds like you had a terrible pc at that time.
Serial 14k4 mbps modem, 1993. Now that was the time
rick_C132@reddit
They used it as a router
Candid_Highlight_116@reddit
fucking fuck orinocos with wep and 11b
struct_iovec@reddit
Uhh, seems you missed out on the joy that was 1990s winmodems
iamapizza@reddit
I know some of these letters
LousyMeatStew@reddit
We used the original Apple Airports for our first wireless deployment. Inside, there's just an ORiNOCO PCMCIA adapter just plugged into the logic board. Actually, ours were so early, they still had Lucent branding on them. We swapped out the Silver for Gold to "upgrade" the encryption (upgrade in quotes because WEP is useless).
You could also access the SMC connector to attach an external antenna. We drilled holes in the cases to run the little pigtails through so we could put the case back on. Nobody liked my idea of just mounting the bare logic board straight to the backboard.
No-Bison-5397@reddit
lol... "how can you use the internet if you're not plugged in?"
lugoues@reddit
My first router was a 486 dumb terminal scrapped from an old Marriott running the og coyote Linux. The good old days!
CursedSilicon@reddit
I discovered a couple years back that folks had Linux running on the OG Apple AirPort routers that used exactly that configuration
I tried getting the original OpenWRT release onto it to make it even funnier but gave up after a couple days
Migamix@reddit
Oh, just wait till you try to get an amiga online now.
shadfc@reddit
Why would you do this to us
AIR-2-Genie4Ukraine@reddit
early 2000s internet access was ... very HW dependent.
By the time you recovered from that, it was just time to get a usb modem and fglrx to work with your ATI card and kernel!
welcome to hell, population
lathiat@reddit
Can confirm: have lived
beegtuna@reddit
Work has been proceeding on the crudely conceived idea of an instrument that would not only provide inverse reactive current for use in unilateral phase detractors but would also be capable of automatically synchronizing Cardinal gram meters such an instrument comprised of Dodge gears and bearings Reliance electric motors.
thatwombat@reddit
I had a box of Symbol 802.11 cards from before WiFi was a standard. The access point was visible on my home WiFi, but you couldn’t connect to it. The manuals spoke of fixed location PC roaming among other things. Kind of a weird collection.
Bob4Not@reddit
Is there any way to have a separate track legacy Kernel with the older support? Maybe we move forward with the V3?
anh0516@reddit (OP)
That's what LTS kernels are for.
UnluckyDouble@reddit
Even those go out of scope pretty quickly though.
Of course, an old and unmaintained kernel will generally work with a modern userland unless it's a REALLY old kernel. But, you know, it might be time to retire your machine's ability to directly access the internet if you're gonna go that route.
jimicus@reddit
They’re already talking about dropping 32 bit support altogether.
At that point, maintaining device drivers for hardware that almost certainly doesn’t exist in a configuration that can plug into any 64-bit system seems a bit silly.
Existing-Tough-6517@reddit
Not really they aren't really supported very long
Bob4Not@reddit
That makes sense
corruptboomerang@reddit
Can't you just install the drivers separately?
panamanRed58@reddit
This is due to the results of Claude's Mythos. It should be expected as we assay the results transformative of all software. A very good, detailed for us geeks, review of Mythos's bug bounty comes from Steve Gibson on the podcast, Security Now!. He devotes an entire show to their announcement and dives deep into what was found. As a retired engineer I am a little sad I won't be part of this but also glad I won't be part of this. Serious bugs in closed and open sources software were uncovered and may take years to correct. It could even save M$ !
bAZtARd@reddit
People are downvoting you because they don't want to hear the truth. This is only gonna get worse and we are seeing the beginning of the end of open source.
dnu-pdjdjdidndjs@reddit
why would this be the end of open source this just means code has to be structured more defensively with more manageable attack surfaces/better isolation
which was basically already true we just now can simulate thousands of mid tier hackers analyzing files one by one separately
panamanRed58@reddit
lambs to the slaughter, I bid them adieu!
Damaniel2@reddit
Mythos is highly overrated. Its rate of detecting security issues isn't significantly higher than existing models, and all of the 'keeping it out of the hands of the public' is fearmongering to prop up IPO value.
Remember - if a tech bro's, and especially an AI tech bro's, sociopathic lips are moving, they're lying.
dnu-pdjdjdidndjs@reddit
mythos is mildly misleading but the find a bunch of vulnerabilities as a service thing they're doing where they burn a bunch of compute scanning files for suspicious code then run another agent on that file looking for exploits with a model specifically designed to try and create exploits is probably still relevant
panamanRed58@reddit
It found a Sev 1 bug in OpenBSD that was 27 yrs old and part of the install on 5 billion devices. So had someone else using a clever LLM found it and had ill intent, we'd be fucked in a technical way. Please at least review the analysis, it will help you develop an informed opinion.
Albos_Mum@reddit
As a retro hardware enthusiast who outright recommends using modern open source software with retro hardware to better facilitate maintenance and the like I'm all for this, even beyond outright basic driver support the whole open source/free software stack is deviating quite far from what is optimal on old hardware anyway and it's impossible to truly bridge the gap without sacrificing stuff for the modern hardware or making the developers' job a much bigger pain in the rear than it needs to be, or even the users' job. (eg. It's entirely possible to get modern Linux on a mid-90s machine but you're going to be carefully selecting which software you're running and probably manually configuring slimmed down versions of some software such as the Linux kernel to make it work well.)
My opinion is that for these kinds of areas, you're best off ensuring network isolation (I run a separated "RetroLAN" network for my retro gaming PCs and consoles to access server storage or each other without having to worry about exposure to the internet, or if I do get something bad on one of those now-insecure software stacks having to worry about that exposure affecting my modern hardware and main network) or no networking at all and the retro community at large would be better off orientating how it uses modern software along similar lines where the old hardware can run the software it's actually suited for.
UnluckyDouble@reddit
Fundamentally, we're not NetBSD. Retrocompatibility is not our prime goal. And if retrocompatibility is your prime goal, well...take a look at NetBSD. Seriously, it runs on Amigas, and I don't mean the modern ones.
grathontolarsdatarod@reddit
I'm sure many of the network controllers that are temporarily paired with non ME cpus are going to be on this list.