
239 points r4um | 1 comments
charcircuit No.45113673
>Convinced the path forward would be painful, I shelved the bug.

As opposed to fixing the bug? Either the incentives are broken for security researchers to fix bugs, contributing fixes to Linux is broken, or both.

A rewrite of these user-interactable subsystems in Rust can't come soon enough.

1. TheDong No.45113876
I mean, yes, the incentives are in fact such that sitting on a potentially exploitable bug is better for a security researcher than patching it early.

Like, if you have a root priv escalation, that can potentially get you a bug bounty from various hosted AI sandboxes, CI sandboxes, an Android app sandbox escape, and probably a few more.

If you have a probably-not-exploitable kernel crash, you get a CVE at best, and possibly not even that.

What do you propose we do? Should Google assume all kernel bugs are potential exploits and give Linus $100k per commit, making him the richest man on earth?