Comment by creatonez
11 hours ago
In this case, no insiders broke the embargo. It was reverse engineered from the patch by an unrelated third party and a proof of concept immediately came out of it. At that point, it's kinda fair game.
11 hours ago
In this case, no insiders broke the embargo. It was reverse engineered from the patch by an unrelated third party and a proof of concept immediately came out of it. At that point, it's kinda fair game.
I assume that while Mythos may be really good at finding vulnerabilities, lighter models may still do a pretty good job of explaining/exploiting the vulnerability if given the patch which fixes it.
Maintainers attempt to reduce the likelihood of that somewhat by giving security patches boring-sounding commit messages. When there are thousands of patches for every kernel release to sift through, that adds a small barrier for would-be exploiters.