| ▲ | TheDong 6 days ago | |||||||||||||||||||||||||
This is misplaced in this case. The author mentioned CVE-2021-26708, which is very similar to this bug, and in fact the author both exploited it and authored the upstream fix in the kernel. > and it requires a very different skill set than finding or exploiting them anyway I disagree with that. Exploiting bugs is really hard, and if you can exploit them, you absolutely know enough about the kernel in order to patch it. Sure, architecting a kernel, making code maintainable, that's a software engineering skill. But fixing a use-after-free? That's easier than exploiting it, of course they can fix it. | ||||||||||||||||||||||||||
| ▲ | Den_VR 6 days ago | parent [-] | |||||||||||||||||||||||||
There’s the technical challenge, and then there’s the process challenge. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||