Hacker News new | past | comments | ask | show | jobs | submit login

It looks like this also affects systems where the feature is not enabled, but for "local" attackers. Does that mean exec as "www-data" or "nobody" accounts (what about VMs?). Making every little wordpress plugin vulnerability into a CPU-rooting hack?

From what we can see so far, potentially more the latter than the former.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact