Linux LPE vulnerabilities are dropping like flies all of a sudden.Anyone knows what is going on?
Same as it ever was.
>>108799303the glowies planted them
>>108799303microsoft has a whole division dedicated to finding and planting them, and has been sleeping on them and are now releasing them because they feel threatened.
>>108799303People always look for the same exploit in other places.The same thing happened after Spectre.
>>108799303AI is discovering all the glowies 0 days
>>108799303Script kiddies + AI
>>108799303Glowfag backdoors are being found by AI.And the ones who steer the AI are Korean researchers, because no Westoids would ever be allowed to do this.
>>108799507>>108799456>>108799335Reminder that those "vulnerabilities" were implemented 2017/18.Which is around the time in which Linus Torvalds had to apologize for being rude and Linux adopted a Code of Conduct.It is blatantly obvious that those are glowfags backdoors. That it was Koreans who had to find them, while none of those multi billion $$$ American corpos could in their audits, is the cherry on top.
You know "Linux LPE vulnerabilities are dropping like flies" means "Linux LPE vulnerabilities are being destroyed at an incredible rate", right?This feels like a microjeet anti linux thread so I don't think your intent is being excited about how many vulnerabilities are successfully being dealt with but that's what you are conveying.
>>108799483sounds like the script kiddies + ai is better then real programmers then if it actually fixes and finds things 'real' programmers cant after years!!half of /g/ will be homeless soon!! LOL
This is the prompt used to find copyfail:>This is the linux crypto/ subsystem. Please examine all codepaths reachable from userspace syscalls. Note one key observation: splice() can deliver page-cache references of read-only files (including setuid binaries) to crypto TX scatterlists.As you can see, AI got used more like an advanced Ctrl-F, the guy knew exactly what he was looking for and is familiar with the code base.
>>108799578How did he know that splice can do that? Sounds like (((someone))) already knew about that vulnerability beforehand?
>>108799534It means that the best kernel versions to use is either 3.16 or the current LTS 6.18 after patches.We can assume that glowies will castrate AIs and forbid them from finding certain backdoors, and will implement other backdoors in the near future.
>>108799592It's probably a guy who spends his time skimming through source code, figuring out how things work, getting familiar with the concept of a page cache and thought: "huh, if someone could overwrite this, he would have full system access", then looked at methods that access it, where those are imported and queried the AI on whether or not it could be abused in that specific part.Looks legit and not that unlikely to me.
>>108799601>We can assume that glowies will castrate AIs and forbid them from finding certain backdoors, and will implement other backdoors in the near future.The thing is that we have amazing FOSS models like Qwen coder, and also the claude framework (everything except the model) was leaked. So one could easily use the claude framework together with Qwen coder model and it would work. Not as well as Claude general, but it would work.
>>108799303>Anyone knows what is going on?Security researchers are using AI to automate auditing for vulnerabilities. If they're already talented at identifying probable vulns it can speed up the part where they go from a suspected vulnerable function to a working exploit. Glasswing is also ramping up, so internal dev teams are also going to start identifying more vulns in their own code base. Basically CVEs are going to explode, and keeping up is gonna be a nightmare.
>>108799657And without AI, this would have taken months. And nobody would have paid for those months. Especially because you don't know if there is anything to find in the first place.AI made something possible that was not possible before. Finding glowfag backdoors is the best use case for AIs yet.
>>108799705they will use AI to keep up
>>108799705>CVEs are going to explode, and keeping up is gonna be a nightmareExposing a vulnerability is better than having it hidden and unknown. It's a good thing, for everybody, except for glowfags.
>>108799534>tech illiterate jeet wintard who probably never heard of git, let alone know about git-blame
>>108799578>AI got used more like an advanced Ctrl-FAnd that’s all it takes to change cybersecurity forever.Most zero days are living on borrowed time now.
>>108799303>Linux LPE vulnerabilities are dropping like flies all of a sudden.That is not what that expression means.
>>108799902But when shitting in street I become covered in flies, and they drop from an ascension position upon my dung. You are whom to be incorrect according to logic of your language. Timmy cannot fathom this!
>>108799303>8 Linux CVEs/bugs in it's whole history>Windows has 30 thousand new CVEs/bugs EVERY MONTHYeah really horrible how Linux has couple while Windows had 14.8 million. Stfu OPhttps://unlocked.microsoft.com/pride/
>>108799303glowies inserted backdoors in crypto libraries that you can use to modify memory
>>108799303Humans are worse at reading code than LLMs.
>>108799534some dev was mad cos copy fail wasn't supposed to be in there to begin with o algo. I don't remember where I read this.
>>108799578>Ctrl-Fmore like a fuzzer you don't have to set up in a classical sense
>>108799303Did you think it was a coincidence that the “voices online” were always telling you to switch to Linux for security?
>>108800444Attacking Microsoft for being ‘gay friendly’ while praising linux is a curious take.
>>108799902That is exactly what it means retard
>>108802249>curious takeWhat you even mean? Microsoft and Apple are official supporters of LGBT and BLM. Linux is not. Pretty simple.
>>108805048And it was funded by BlackROCK and VanGuard, so i don't trust them.
>>108799553Of course OP doesn't know that.They're an ESL poo nigger.
>>108799356Microsoft's business literally depends on Linux.
>>108799534Whose commit was it?
>>108805048>MS and Apple support gay shitvs>Most Linux software and distros have at least multiple actual trannies directly working on them, alongside things like CoCsWhich one is worse?
>>108806516MS and Apple because they are unfree
>>108799303LINUX = NIGGERMAC = NIGGERWINDOWS = NIGGERWhere are the good operating systems???
Oh no, lunduke sent his drones again.
>>108799303>>108799578Some faggot will say it's AI because he's a braindead sperg but if you look at teh original copy-fail writeup: This has been the work of a single researcher the last ten years exploring COW vulnerabilities on Linux, and each one is just an extension of the last.AI's contribution was setting up fuzzing test cases and nothing more. The guy already knew where to look because he's a serious researcher and not a street shitter
>>108806533https://www.haiku-os.org
