| ▲ | tptacek 6 hours ago | |
Without taking a position on the disclosure mechanics: any hosting provider hacked with this was already playing to lose. It is not OK to run competing untrusted tenant workloads under a single shared kernel. Kernel LPEs are not rare. This was a particularly simple and portable one, but the underlying raw capability is a CNE commodity. | ||
| ▲ | jcalvinowens 4 hours ago | parent | next [-] | |
> Kernel LPEs are not rare. This was a particularly simple and portable one, but the underlying raw capability is a CNE commodity. I absolutely 100% agree with this and I'm glad to see somebody saying it. Any system that is one LPE away from being compromised is already insecure. | ||
| ▲ | 2 hours ago | parent | prev [-] | |
| [deleted] | ||