In Linux it could be implemented as an eBPF thing while most of the app runs in userspace.

And, for specialised uses, such as airline or ER systems, a cut-down specialised kernel with a minimal userland would not require the kind of protection Crowdstrike provides.

I’m sure the NSA wasn’t affected by this.