Lines Matching +full:many +full:- +full:to +full:- +full:one

6 unambiguous way to identify, define, and catalog publicly disclosed
8 regards to the kernel project, and CVE numbers were very often assigned
10 the kernel development community has tended to avoid them.  However, the
11 combination of continuing pressure to assign CVEs and other forms of
16 The Linux kernel developer team does have the ability to assign CVEs for
19 process<../process/security-bugs>`.
22 archives of the linux-cve mailing list, as seen on
23 https://lore.kernel.org/linux-cve-announce/.  To get notice of the
25 <https://subspace.kernel.org/subscribing.html>`_ to that mailing list.
33 to them.  These assignments are published on the linux-cve-announce
36 Note, due to the layer at which the Linux kernel is in a system, almost
37 any bug might be exploitable to compromise the security of the kernel,
40 assign CVE numbers to any bugfix that they identify.  This
45 should have a CVE assigned to it, please email them at <cve@kernel.org>
47 security issues should be sent to this alias, it is ONLY for assignment
51 process<../process/security-bugs>`.
55 is available and applied to a stable kernel tree, and it will be tracked
56 that way by the git commit id of the original fix.  If anyone wishes to
58 contact the kernel CVE assignment team at <cve@kernel.org> to get an
69 The authority to dispute or modify an assigned CVE for a specific kernel
75 its appropriate CVE designation.  Any attempt to modify or dispute a CVE
76 outside of this designated authority could lead to confusion, inaccurate
83 a Linux distribution due to the changes that have been made by that
84 distribution, or due to the distribution supporting a kernel version
85 that is no longer one of the kernel.org supported releases, then a CVE
92 kernel CVE assignment team at <cve@kernel.org> so that they can work to
98 As the Linux kernel can be used in many different ways, with many
100 the applicability of any specific CVE is up to the user of Linux to
101 determine, it is not up to the CVE assignment team.  Please do not
102 contact us to attempt to determine the applicability of any specific
105 Also, as the source tree is so large, and any one system only uses a
110 of the kernel that you use, so there is no way for us to determine if a
113 As always, it is best to take all released kernel changes, as they are
114 tested together in a unified whole by many community members, and not as
115 individual cherry-picked changes.  Also note that for many bugs, the
116 solution to the overall problem is not found in a single change, but by
117 the sum of many fixes on top of each other.  Ideally CVEs will be
118 assigned to all fixes for all issues, but sometimes we will fail to
120 might be relevant to take.