Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y6VTdO608VUE38Ke@kroah.com>
Date: Fri, 23 Dec 2022 08:06:28 +0100
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: Details on this supposed Linux Kernel ksmbd RCE

On Thu, Dec 22, 2022 at 04:49:04PM -0500, Jan Schaumann wrote:
> Lastly, given that this is a coordinated disclosure,
> I don't know why there are no CVE IDs reserved for
> these.

The kernel developers do not work with CVEs at all as they are not all
that relevant for the most part for kernel issues.  MITRE agrees with us
will not even give them to us if we ask for them :)

Some Linux companies still insist on assigning CVEs, but that's
primarily to help enable their internal engineering processes more than
anything else.

As an alternative, please look at the GSD (Global Security Database,
https://globalsecuritydatabase.org/) for which the kernel does get ids
assigned for issues like this, and many many others.

sorry,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.