Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

Related Vulnerabilities: CVE-2020-10766   CVE-2020-10767   CVE-2020-10768  
                							

From: Greg KH <greg () kroah com>

Date: Wed, 10 Jun 2020 17:36:45 +0200

On Thu, Jun 11, 2020 at 01:14:03AM +1000, Wade Mealing wrote:
> > Did you ask the authors of the patches?  I think they might have already
> > assigned CVEs from Google's pool, based on previous interactions with
> > those developers...
>
> I am in discussions with Anthony Steinhauser from Google, Anthony
> stated there were no CVEs assigned.  This message was mainly for the
> other CNAs ( https://cve.mitre.org/cve/request_id.html ) who may be
> able to assign CVEs.

Is oss-security the place to sync up on those things?  I thought you all
had your own list to sync on those things, as that must happen often.

> If the kernel was a CVE Numbering Authority, they could assign their
> own ( https://cve.mitre.org/cve/cna.html#become_a_cna ) and this whole
> problem would not exist.  I'm not on the security () kernel org mailing
> list (even after asking), so I can't really say what goes on behind
> those closed doors, I would think it falls under their interests.

The kernel does NOT want to become a CVE Numbering Authority, and our
documentation explicitly states that if you want a CVE for a kernel
issue, you can just go ask MITRE or someone else for it:
        https://www.kernel.org/doc/html/latest/admin-guide/security-bugs.html

There's loads of reasons why CVEs don't really work for the kernel at
all, as has been discussed many times here on this list, and in other
places, and even with MITRE themselves (and they agree with me).

I don't think we want to rehash that again here :)

thanks,

greg k-h

Current thread:

kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)
