Linux kernel maintainers have initiated a broad effort to purge legacy code from the networking subsystem as of April 22, 2026. This move is a direct response to the overwhelming volume of security bug reports being submitted by automated tools powered by large language models (LLMs). Maintainers report that while LLMs are increasingly capable of identifying potential memory safety issues and race conditions, a significant portion of these reports target obscure, decades-old code that sees little to no modern usage.
Technical leads within the Linux Foundation have noted that the triage process for these reports has become unsustainable. In the networking subsystem alone, the volume of incoming security disclosures has increased by approximately 450 percent over the past twelve months. Jakub Kicinski, a primary maintainer for the Linux networking stack, stated in a mailing list update today that the time spent verifying and dismissing low-quality or non-exploitable LLM-generated reports is detracting from critical development on modern infrastructure.
The removal process targets specific components within the kernel version 6.14 and upcoming 6.15 development cycles. Affected areas include legacy ISDN (Integrated Services Digital Network) support, several niche 10/100 Mbps Ethernet drivers, and older amateur radio protocols. By removing these components, maintainers aim to reduce the total lines of code available for automated scanning, thereby shrinking the attack surface and the corresponding influx of automated reports. Official data indicates that the networking subsystem has already seen the removal of over 120,000 lines of code in the current window.
The Linux kernel community is also implementing stricter submission guidelines for security researchers. Effective immediately, reports generated via automated LLM scanning must be accompanied by a functional proof-of-concept exploit to be prioritized. This policy change follows a report from the Open Source Security Foundation (OpenSSF) which found that nearly 70 percent of LLM-identified vulnerabilities in legacy kernel modules were either false positives or lacked a viable path for exploitation in modern hardware environments.
While the removal of legacy code improves the maintainability of the kernel, it also marks a transition in how open-source projects interact with AI-driven security tools. The Linux Foundation has confirmed that other subsystems, including the storage and sound drivers, are conducting similar audits to identify candidates for deprecation. This systematic reduction of the kernel footprint is expected to continue throughout 2026 as maintainers prioritize code quality and human triage capacity over backward compatibility for obsolete hardware.