Just been reading about it - also affected Debian and Rocky Linux.
I’ve been deploying Falcon CrowdStrike (VERY reluctantly, I might add!) to Linux servers since around February…
Fortunately - all of them are RHEL 8 (or earlier) and the CrowdStrike “bug” was more RHEL 9 and kernel 5.x…
I’ve deployed a few RHEL 9 instances for other customers this year, but also, fortunately, those customers don’t use CrowdStrike…
I just watched a very informative YouTube video from a former Microsoftee - who worked on Windows NT - basically the bug is an empty *.sys file that the ring 0 CrowdStrike device driver tries to load into memory - or something:
The more “agents” you install on a system - the more unstable it will be - the more moving parts in the kernel / ring 0 - the more likely failures are…
I remember in Windows NT 3.51 - the HAL, “hardware abstraction layer” - didn’t have 100% privileged access to the kernel - but Microsoft went back on that with Windows NT 4.x in order to get better performance, especially on workstations…