Linux security FUD

Recently Steven J. Vaughan-Nichols wrote a good article about the Linux security FUD that has been going around lately: BootHole, Drovorub, and Doki. They all have one thing in common: to be able to use them, you first need to gain root access, and if you have root access you can do whatever you want anyway, unless you happen to be restricted by SELinux, which can restrict quite a lot of what a normal root user can do.

This ain’t the first time and it won’t be the last time we see this kind of news posted online to discredit Linux. Sure, Linux ain’t 100% secure, as it’s written by humans who can make mistakes and introduce security vulnerabilities, but it’s not as insecure as Microsoft Windows, where you only need one application window running as Administrator and the whole system is vulnerable if an external entity manages to execute something on the machine, regardless of which user they execute as. Yes, Microsoft Windows has an old backwards compatibility issue that causes it to be insecure: a window does not check which user a request comes from, so it will happily execute requests with the privilege it is running as. An administrator window will therefore always execute things as administrator, no matter whether it’s a user with or without administration privilege who requests to run format c: /x /q.

If you read that a severe Linux bug requires root access to utilize a vulnerability, then it’s not a severe issue, it’s a minor one. The severe vulnerability is whatever lets someone from the outside gain root access in the first place; fix that and your system will be safe even if you haven’t patched the issue.
