No, they disclosed it to the Linux kernel security team, a patch was committed to mainline, then this was disclosed publicly. https://copy.fail/#timeline
They don’t have to coordinate disclosure with every distribution vendor, but droppings public PoC exploit script 28 days after the patch was committed to mainline kind of seems like a dick move to me.
No, they disclosed it to the Linux kernel security team, a patch was committed to mainline, then this was disclosed publicly. https://copy.fail/#timeline
They don’t have to coordinate disclosure with every distribution vendor, but droppings public PoC exploit script 28 days after the patch was committed to mainline kind of seems like a dick move to me.