There’s no way of knowing that, though. Perhaps their Linux and Darwin drivers wouldn’t have paniced the system?
Regardless, doing almost anything at the kernel level is never a good idea
It’s not impossible. Crowdstrike has done it recently to linux machines.
Kernel panic observed after booting 5.14.0-427.13.1.el9_4.x86_64 by falcon-sensor process:
https://access.redhat.com/solutions/7068083
Also, it’s less about “their” drivers and more about what a kernel module can do.
Saying “there’s no way to know” doesn’t fit, because we do know that a malformed kernel module can destabilize a linux or mac system.
“Malformed file” isn’t a programming defect or something you can fix by having a better API.
Having the data exposed to userspace via an API would avoid having to have a kernel module at all… Which when malformed wouldn’t compromise the kernel.
