Trend Micro Deep Security Agent Flaw Allows Repeatable Security Bypass
ID: 6d56b932-7f7f-5584-a0ff-92bf08d8de7b
STIX ID: report--6d56b932-7f7f-5584-a0ff-92bf08d8de7b
Feed Name: GBHackers
Trend Micro Deep Security Agent for Linux has a behavior-monitoring design flaw: an unprivileged local "event storm" can cause ds_am.init to repeatedly rmmod and reload the bmhook and tmhook kernel modules. This produces short (1–2 s) protection gaps during a longer livepatch cycle (~20 s), which an attacker can weaponize to stage or execute malware that would otherwise be blocked. The issue affects Linux endpoints with the DSA kernel support pack; it is not a remote code execution vulnerability and is characterized as a local, repeatable protection bypass.
