this post was submitted on 22 Oct 2024
227 points (100.0% liked)

Linux

5230 readers
230 users here now

A community for everything relating to the linux operating system

Also check out [email protected]

Original icon base courtesy of [email protected] and The GIMP

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 3 weeks ago

This is a patch from the hardware vendor so I am assuming that the ask is not that the hardware vendor take responsibility but that they not release buggy hardware. That is what I mean about the validation issue.

The attack vector is shared in the patch so it isn't entirely a theory.

There is a comment from Linus about how this patch is only needed for some hardware and doesn't apply to others but I don't get his relevance there as different hardware validates against different use cases and their source logic might be entirely disparate.

So my validation talk is simply saying that bugs happen. My concern here is what more should a hardware vendor do beyond submitting a kernel patch? You can't just not have the bug, and if you recall the part someone else will just keep theirs in the field and take all the market share and roll the dice that their bugs don't get exploited.