Subj : The kernel becomes its own CNA
To   : All
From : LWN.net
Date : Mon Feb 19 2024 15:50:24

The kernel becomes its own CNA

Date:
Tue, 13 Feb 2024 19:13:10 +0000

Description:
Greg Kroah-Hartman has announced that the kernel project has been accepted as 
a CVE numbering authority
(CNA).  The way that CVE numbers will be handled by the kernel is described
in this
documentation patch : As part of the normal stable release process, kernel 
changes that
	are potentially security issues are identified by the developers
	responsible for CVE number assignments and have CVE numbers
	automatically assigned to them.  These assignments are published on
	the linux-cve mailing list as announcements on a frequent basis. 
Note, due to the layer at which the Linux kernel is in a system,
	almost any bug might be exploitable to compromise the security of
	the kernel, but the possibility of exploitation is often not
	evident when the bug is fixed.  Because of this, the CVE assignment
	team are overly cautious and assign CVE numbers to any bugfix that
	they identify.  This explains the seemingly large number of CVEs
	that are issued by the Linux kernel team.

======================================================================
Link to news story:
https://lwn.net/Articles/961961/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.