|
|
|
|
|
|
by TheDong
293 days ago
|
|
|
This is misplaced in this case. The author mentioned CVE-2021-26708, which is very similar to this bug, and in fact the author both exploited it and authored the upstream fix in the kernel. > and it requires a very different skill set than finding or exploiting them anyway I disagree with that. Exploiting bugs is really hard, and if you can exploit them, you absolutely know enough about the kernel in order to patch it. Sure, architecting a kernel, making code maintainable, that's a software engineering skill. But fixing a use-after-free? That's easier than exploiting it, of course they can fix it. |
|
|