From: Michal Hocko <mhocko@suse.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: corbet@lwn.net, workflows@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org,
security@kernel.org, Kees Cook <keescook@chromium.org>,
Sasha Levin <sashal@kernel.org>, Lee Jones <lee@kernel.org>
Subject: Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process
Date: Thu, 15 Feb 2024 18:54:17 +0100 [thread overview]
Message-ID: <Zc5PycMenLBYECAn@tiehlicka> (raw)
In-Reply-To: <2024021430-blanching-spotter-c7c8@gregkh>
On Wed 14-02-24 09:00:30, Greg KH wrote:
[...]
> +Process
> +-------
> +
> +As part of the normal stable release process, kernel changes that are
> +potentially security issues are identified by the developers responsible
> +for CVE number assignments and have CVE numbers automatically assigned
> +to them. These assignments are published on the linux-cve-announce
> +mailing list as announcements on a frequent basis.
> +
> +Note, due to the layer at which the Linux kernel is in a system, almost
> +any bug might be exploitable to compromise the security of the kernel,
> +but the possibility of exploitation is often not evident when the bug is
> +fixed. Because of this, the CVE assignment team is overly cautious and
> +assign CVE numbers to any bugfix that they identify. This
> +explains the seemingly large number of CVEs that are issued by the Linux
> +kernel team.
Does the process focus only on assigning CVE numbers to a given upstream
commit(s) withou any specifics of the actual security threat covered by
the said CVE?
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2024-02-15 17:54 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 8:00 [PATCH v3] Documentation: Document the Linux Kernel CVE process Greg Kroah-Hartman
2024-02-14 8:34 ` Lukas Bulwahn
2024-02-15 12:04 ` Greg Kroah-Hartman
2024-02-15 16:10 ` Oleksandr Natalenko
2024-02-15 17:49 ` Greg Kroah-Hartman
2024-02-14 8:37 ` Vegard Nossum
2024-02-15 11:50 ` Greg Kroah-Hartman
2024-02-15 12:24 ` Vegard Nossum
2024-02-16 8:28 ` Jani Nikula
2024-02-16 11:22 ` Greg Kroah-Hartman
2024-02-16 14:58 ` Jonathan Corbet
2024-02-17 7:31 ` [RFC] doc headings sweep Vegard Nossum
2024-02-17 16:34 ` Randy Dunlap
2024-02-19 21:05 ` Jonathan Corbet
2024-02-17 11:56 ` [PATCH v3] Documentation: Document the Linux Kernel CVE process Greg Kroah-Hartman
2024-02-14 13:10 ` Krzysztof Kozlowski
2024-02-15 12:00 ` Greg Kroah-Hartman
2024-02-14 13:41 ` Konstantin Ryabitsev
2024-02-15 11:59 ` Greg Kroah-Hartman
2024-02-14 13:43 ` Jiri Kosina
2024-02-14 13:55 ` Mark Brown
2024-02-14 14:32 ` Greg Kroah-Hartman
2024-02-14 14:46 ` Jiri Kosina
2024-02-14 15:10 ` Mark Brown
2024-02-14 13:58 ` Greg Kroah-Hartman
2024-02-14 14:38 ` Jiri Kosina
2024-02-14 15:09 ` Greg Kroah-Hartman
2024-02-15 8:17 ` Thorsten Leemhuis
2024-02-15 8:43 ` Greg Kroah-Hartman
2024-02-15 17:54 ` Michal Hocko [this message]
2024-02-15 18:20 ` Greg Kroah-Hartman
2024-02-15 18:36 ` Michal Hocko
2024-02-16 11:25 ` Greg Kroah-Hartman
2024-02-16 13:20 ` Michal Hocko
2024-02-16 15:34 ` Greg Kroah-Hartman
2024-02-16 16:51 ` Michal Hocko
2024-02-15 19:40 ` Kees Cook
2024-02-16 7:41 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zc5PycMenLBYECAn@tiehlicka \
--to=mhocko@suse.com \
--cc=corbet@lwn.net \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=lee@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=security@kernel.org \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.