One central component of a computer system is its operating system kernel. The kernel is a piece of software responsible for providing secure access to the computer system's hardware and to various computer processes. Accessing the hardware directly can be very complex, as there are different hardware designs for the same type of component. Kernels usually implement some hardware abstraction to hide the underlying complexity from the operating system and provide a clean and uniform interface to the hardware.
Kernels typically employ one or more modules to assist in the functionality of the kernel. Kernel modules are pieces of code that can be loaded into and unloaded from the kernel on demand. They extend the functionality of the kernel without the need to reboot the system. One example of a kernel module is a device driver, which allows the kernel to access hardware connected to the system. Without modules, new functionality would have to be added directly into the kernel, with the disadvantage that the kernel would have to be rebuilt and rebooted every time functionality needed to be added.
Currently, most kernels are not statically linked and loaded; instead, they dynamically link in kernel modules and drivers at run time to provide functionality and/or support as needed. When a program is compiled statically, the kernel modules can be validated against one another as they are loaded. With dynamic loading, however, most of the information that would have been present at static build time is not present at run time.
Therefore, dynamically loaded kernels are vulnerable to problems where shared objects, or the understanding of those objects' contents, differ between modules. Currently, no automated checking is done between these shared objects to ensure compatibility. As a system has modules patched or loaded from third-party companies, the potential for incompatible modules increases, because the modules cannot be cross-checked: the vendors are not privy to one another's module construction. When an incompatibility does occur, it can cause data corruption, system crashes, and other negative consequences. An attempt could be made to find the problems, yet this requires expert analysis of all involved modules and some luck in finding the problem. Time has shown that problems like this occur frequently and are nearly impossible to diagnose.
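The incompatibility described above, as an added illustration that is not part of the original text: two modules built against different versions of a shared structure, and a load-time comparison of their layouts that would surface the disagreement before any data is exchanged. The structures, the descriptor format and the function names are hypothetical and chosen only for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: vendor A's view of a shared object. */
struct conn_a { uint32_t id; uint32_t len; uint64_t data_ptr; };
/* Vendor B was built against a patched header that inserted 'flags'. */
struct conn_b { uint32_t id; uint32_t flags; uint32_t len; uint64_t data_ptr; };

/* Hypothetical layout descriptor a module could carry for a loader to compare. */
struct field_desc { const char *name; size_t offset; size_t size; };
struct layout_desc { size_t total; size_t nfields; const struct field_desc *fields; };
#define FIELD(type, f) { #f, offsetof(type, f), sizeof(((type *)0)->f) }

static const struct field_desc a_fields[] = {
    FIELD(struct conn_a, id), FIELD(struct conn_a, len), FIELD(struct conn_a, data_ptr) };
static const struct field_desc b_fields[] = {
    FIELD(struct conn_b, id), FIELD(struct conn_b, flags),
    FIELD(struct conn_b, len), FIELD(struct conn_b, data_ptr) };
const struct layout_desc layout_a = { sizeof(struct conn_a), 3, a_fields };
const struct layout_desc layout_b = { sizeof(struct conn_b), 4, b_fields };

/* NULL if x and y agree; otherwise the first field of x that y lays out differently. */
const char *layout_mismatch(const struct layout_desc *x, const struct layout_desc *y)
{
    for (size_t i = 0; i < x->nfields; i++) {
        const struct field_desc *fx = &x->fields[i], *fy = NULL;
        for (size_t j = 0; j < y->nfields; j++)
            if (strcmp(fx->name, y->fields[j].name) == 0)
                fy = &y->fields[j];
        if (!fy || fy->offset != fx->offset || fy->size != fx->size)
            return fx->name;
    }
    return (x->total != y->total || x->nfields != y->nfields) ? "<size>" : NULL;
}

/* Without a check: A fills the object, B reads 'len' at B's own offset. */
uint32_t len_seen_by_b(uint32_t len_written_by_a)
{
    unsigned char obj[sizeof(struct conn_b)] = {0};
    struct conn_a a = { 7, len_written_by_a, 0 };
    struct conn_b b;
    memcpy(obj, &a, sizeof a);
    memcpy(&b, obj, sizeof b);
    return b.len;   /* these bytes are A's data_ptr, not A's len */
}
```

Module A writes a length of 4096, but module B reads that field from a different offset and sees 0; comparing the two descriptors reports `len` as the first field on which the modules disagree.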