oss-sec mailing list archives

Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768

From: Wade Mealing <wmealing () redhat com>
Date: Thu, 11 Jun 2020 01:14:03 +1000

Did you ask the authors of the patches?  I think they might have already
assigned CVEs from Google's pool, based on previous interactions with
those developers...


I am in discussions with Anthony Steinhauser from Google, Anthony
stated there were no CVE's assigned.  This message was mainly for the
other CNA's  ( https://cve.mitre.org/cve/request_id.html ) who may be
able to assign CVE's.

If the kernel was a CVE Numbering Authority, they could assign their
own ( https://cve.mitre.org/cve/cna.html#become_a_cna ) and this whole
problem would not exist.  I'm not on the security () kernel org mailing
list (even after asking), so I can't really say what goes on behind
those closed doors, I would think it falls under their interests.

thanks,


No problem.

Wade Mealing

Product Security - Kernel, RHCE

Red Hat

wmealing () redhat com

TRIED. TESTED. TRUSTED.

Current thread:

kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
- Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)
  - Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
    - Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)
  - Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)