we're in the "anyone can generate an exploit from the patch" place now

Patches on closed-source operating systems like iOS or Android provided very useful resources for reverse-engineering teams to be able to create a useful exploit. Patches on open-source operating systems worked the same way. Nation-states and other hacking groups would always take a look at it.

But this took time and expertise which was really rare. We're seeing exploits published from Linux patches within hours of the patch (probably LLM assisted) for vulnerabilities which were discovered using LLM assistance in the first place.

We're on our third high-profile CVE following a trend like this this week.

Anyways, Jstpst has the mitigation for the latest Linux exploit