If you can’t demonstrate an attack they will assume the issue isn’t exploitable.
Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise
There are definitely bullshit cves out there but I don’t think that’s a good general rule. Especially in this context where it’s literally unpatchable at the root of the problem.
Absolutely. Theory doesn’t always equal reality. The security guys submitting CVE’s to pad their resumes should absolutely be required to submit a working exploit. If they can’t then they’re just making needless noise
There are definitely bullshit cves out there but I don’t think that’s a good general rule. Especially in this context where it’s literally unpatchable at the root of the problem.