My feeling is that we only need to keep this embargoed if an unprivileged user/attacker can a) force the server to reboot and b) control the reassignments.
If the attacker can't do both of those things then it's just a regular bug.
My feeling is that we only need to keep this embargoed if an unprivileged user/attacker can a) force the server to reboot and b) control the reassignments.
If the attacker can't do both of those things then it's just a regular bug.