int0x29 · 3 hours ago
I'm curious what broke the embargo. Did it leak or did a third party find it independently?
|
either-orr · an hour ago
A link to the patch was posted on someone's X account. Someone else saw that and posted a working exploit in less than an hour (potentially exploited by an LLM, though other than the quick turnaround, the claim is not substantiated). https://x.com/encrypted_past/status/2052409822998392962
|
john_strinlai · 3 hours ago
It was published publicly by an unrelated third party.
jacobgkau · 2 hours ago
They're asking about the nature of the third party's discovery/publishing. Someone on the inside who decided to leak it anonymously? Someone else who was able to access some private communication they shouldn't have been able to see? Or a third party who happened to discover the same vulnerability (which seems less unlikely than normal since this is so similar to Copy Fail), but didn't follow disclosure procedures?
staticassertion · 2 hours ago
The commit for the fix was public. Someone noticed. An exploit was published.
ahartmetz · 2 hours ago
I think I read on the bug's website that "No fix has been released". I understood that as there being no public fix, but maybe it only means it's not in a tagged version of the kernel and no hotfixed distro kernels have been released?
danudey · an hour ago
The patch was posted to the kernel mailing list; someone saw the e-mail, read the patch, figured it out, and published an exploit very soon after.
lofaszvanitt · 2 hours ago
Following disclosure procedures? The main cause that kills the need to take security seriously.