The fact that they have no idea RHEL 14, probably the most well-known enterprise distro, is not a thing, and yet they "directly verified on it" casts some doubt on seriousness.
reply
Is it more likely they have no idea what version RHEL is on, or that it's just a typo?
reply
I don't know what to tell you. I'm sure you have them dead to rights on Linux distro knowledge reliability, but the exploit here is real, and the vulnerability researchers they have on staff are also real. Xint is not generally a slop factory.

It's ironic that the one thing LLMs can't do reliably in this space is "write copy for humans" (I don't trust them for that either).

reply
Honestly I feel like a coding agent review would have caught this issue. I guess if you want to vibe-code your branded CVE web site it's not a bad idea to at least mash /review at the end.

Kind of funny to do something impressive and then ignore the details on the presentation, but perhaps that's not uncommon for security researchers?

reply
Dropping a public exploit on GitHub before distros have patches available isn't very cool, or is that just how veterans roll these days?
reply
There is no one accepted set of norms on disclosure. Any strategy you take, someone will criticize.
reply
I don’t know if “cool” is the word I’d use, but there isn’t an established “right” way to disclose a vulnerability that you found outside of a contracted security review or other employment/contracting arrangement.
reply
Mainline was patched a month ago.
reply