Huawei denied on Monday having any official involvement in an insecure patch submitted to the Linux kernel project over the weekend, a patch that introduced a "trivially exploitable" vulnerability.
The buggy patch was submitted to the official Linux kernel project via its mailing list on Sunday. Named HKSP (Huawei Kernel Self Protection), the patch allegedly introduced a series of security-hardening options to the Linux kernel.
Big tech companies that heavily use Linux in their data centers and online services often submit patches to the Linux kernel. Companies like Google, Microsoft, Amazon, and others are known to have contributed code.
Trivially exploitable vulnerability found in HKSP
On Sunday, the HKSP submission sparked interest in the Linux community as it could signal Huawei's wish to possibly contribute to the official kernel. Due to this, the patch came under immediate scrutiny, including from the developers of Grsecurity, a project that provides its own set of security-hardening patches for the Linux kernel.
In a blog post published on the same day, the Grsecurity team said that it discovered that the HKSP patch would introduce a "trivially exploitable" vulnerability in the kernel code if the patch were to be approved.
Rumors and conspiracy theories almost immediately started circulating online, accusing Huawei of trying to sneakily introduce vulnerabilities in the Linux kernel.
However, in a statement published on Monday, Huawei said that the company has no official involvement in the HKSP project, despite the project using the Huawei name in its title and the project having been developed by one of its top security engineers.
The company said the project was created and submitted to the Linux kernel project by the engineer, without its formal backing, and the HKSP code was never actually used in any of the official Huawei products.
"It is only the demo code used by an individual for technical discussion with the open source community Openwall," Huawei said.
An update was also added to the HKSP project on Monday, with the Huawei employee adding a similar disclaimer.
The reaction from the tech community in this particular case also shows the global anti-Huawei sentiment, which has been spurred in recent years by countless security issues in the company's products, accusations of intellectual property theft, accusations of hiding secret backdoors in its firmware, and the West's fear of having the Chinese government spy on worldwide communications via the ever-popular Huawei equipment.