[$] How kernel CVE numbers are assigned
19 juin 2024 à 13:48
It has been four months since Greg
Kroah-Hartman and MITRE
announced that the Linux kernel project had become its own CVE Numbering
Authority (CNA). Since then, the Linux CNA Team has developed workflows
and mechanisms to help manage the various tasks associated with this
challenge. There does however, appear to be a lack of understanding among
community members of the processes and rules the team have been working
within. The principal aim of this article, written by a member of the
Linux kernel CNA team, is to clarify how the team works and how kernel CVE
numbers are assigned.