Date: Fri, 23 Dec 2022 08:06:28 +0100 From: Greg KH <greg@...ah.com> To: oss-security@...ts.openwall.com Subject: Re: Details on this supposed Linux Kernel ksmbd RCE On Thu, Dec 22, 2022 at 04:49:04PM -0500, Jan Schaumann wrote: > Lastly, given that this is a coordinated disclosure, > I don't know why there are no CVE IDs reserved for > these. The kernel developers do not work with CVEs at all as they are not all that relevant for the most part for kernel issues. MITRE agrees with us will not even give them to us if we ask for them :) Some Linux companies still insist on assigning CVEs, but that's primarily to help enable their internal engineering processes more than anything else. As an alternative, please look at the GSD (Global Security Database, https://globalsecuritydatabase.org/) for which the kernel does get ids assigned for issues like this, and many many others. sorry, greg k-h
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.