Post B6AOPVd5p9MgPF4SUS by rene_mobile@infosec.exchange
2026-05-10T21:35:27Z
1 like, 1 repeat
Releasing a universal #Linux #kernel #exploit with very little or even no previous time to distribute a patch through distributions is not cool. Doing it on the day before a weekend - on two weekends in a row - is just being an asshole. Looking at you, #CopyFail and #DirtyFrag.

You may think it helps your PR, that people will queue to use your cool new AI/agentic/whatever tool because you found the bug. You may think that releasing the full exploit because somebody else was even quicker with "leaking" your cool find makes it right. You're wrong.

This is neither responsible nor coordinated disclosure. In security, we've tried to learn the hard lessons on keeping in-production, live systems on a global scale safer. Yes, those bugs have existed for a long time in the kernel source. Yes, other bad actors may already have found them. But you're shining a light on it *and* giving every script kiddie in the world a working exploit to point their mass scans at. That's dangerous.

There's a reason why the normal process is to reach out at least to the most widely installed distributions before releasing the bug details publicly. There's a reason why 90 days is a good default - it allows downstream percolation of patches. You can still get the credit. This way, you only create stress for admins.

[For a little relief, refer to https://www.tomshardware.com/tech-industry/cyber-security/dirty-frag-exploit-gets-root-on-most-linux-machines-since-2017-no-patches-available-no-warning-given-copy-fail-like-vulnerability-had-its-embargo-broken for a quick mitigation, because updating kernels and rebooting a fleet of hosts just takes time, weekend or not. #HugOps]