Linux kernel now issues its own CVEs as a CNA
The Linux kernel CNA team reviews stable kernel bug fixes to assign CVEs based on cve.org's vulnerability definition. They focus on commits that fix exploitable issues, like certain WARN_ON triggers, ignoring non-security bug fixes. The process involves team voting and community input, issuing about 60 CVEs weekly. Users are advised to apply all stable updates rather than cherry-picking fixes.
