University of Minnesota was banned from contributing to the Linux kernel due to deliberate introduction of vulnerabilities.
Greg Kroah-Hartman, the maintainer of the Linux kernel project, decided to ban the University of Minnesota (UMN) from contributing to the open source Linux project. The reason is that researchers at the University of Minnesota were found to have submitted a series of malicious code or deliberately introduced patches with security vulnerabilities in the official Linux code base as part of their research activities.
For the above reasons, Greg decided to revert all code submissions submitted from @umn.edu email addresses.
“The submissions from the @umn.edu address were found to be malicious submissions. Because of this, all submissions from this organization must be restored from the kernel tree and need to be reviewed again to determine whether they are really effective fixes.”
Researchers at the University of Minnesota deliberately introduced vulnerabilities in the mainline of the Linux kernel, and based on this, published a paper describing “open source insecurity” in February 2021. The focus of this research is to deliberately introduce known security vulnerabilities into the Linux kernel by submitting malicious or insecure code patches.
However, even after this paper, researchers at the University of Minnesota introduced a new round of patches, which claim to come from “a new static analyzer”, but in fact the patch has no real value. For better or worse, it is at least wasting the time of upstream developers, and this ultimately led to Greg’s decision to ban them from trying to contribute to the Linux kernel in the future.
Greg wrote on the kernel mailing list this morning: “These new patches obviously don’t fix anything at all. Then, except you and your team continue to send such nonsense patches to developers in the kernel community. What else can I think of outside of the experiment?
Anyone who has some knowledge of the C language can see that the patch you submitted has no effect at all. Because of this, I now have to ban all future contributions from your university and Delete your previous contributions, because they were clearly submitted in a malicious way to cause problems. Therefore, people from the University of Minnesota are no longer welcome to contribute to upstream Linux kernel development.”
Up to now, it has been confirmed that the previous patch (significant patch) submitted by the University of Minnesota to the Linux kernel will be restored.