logoalt Hacker News

jsiepkestoday at 3:06 PM2 repliesview on HN

If this is a local privilege escalation to root, why can't I find anything on https://www.openbsd.org/security.html ?


Replies

justthehumantoday at 3:27 PM

Best guess, from the commit message alone[0]: It was fixed as a bug, at the time they didn't have evidence it could lead to LPE

The AI security tool then, retroactively discovered that it could have been used for LPE.

Again, just my guess I could be wrong.

[0] https://github.com/openbsd/src/commit/1957873d2063db11dab780...

stackghosttoday at 3:30 PM

OpenBSD has a reputation for being... selective about what they admit is a security-relevant bug.

show 1 reply