oss-sec mailing list archives
Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768
From: Wade Mealing <wmealing () redhat com>
Date: Thu, 11 Jun 2020 01:14:03 +1000
Did you ask the authors of the patches? I think they might have already assigned CVEs from Google's pool, based on previous interactions with those developers...
I am in discussions with Anthony Steinhauser from Google, Anthony stated there were no CVE's assigned. This message was mainly for the other CNA's ( https://cve.mitre.org/cve/request_id.html ) who may be able to assign CVE's. If the kernel was a CVE Numbering Authority, they could assign their own ( https://cve.mitre.org/cve/cna.html#become_a_cna ) and this whole problem would not exist. I'm not on the security () kernel org mailing list (even after asking), so I can't really say what goes on behind those closed doors, I would think it falls under their interests.
thanks,
No problem. Wade Mealing Product Security - Kernel, RHCE Red Hat wmealing () redhat com TRIED. TESTED. TRUSTED.
Current thread:
- kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
- Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)
- Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Wade Mealing (Jun 10)
- Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Monsieur Francis Perron (Jun 10)
- Re: kernel: Multiple SSBD related flaws CVE-2020-10766 , CVE-2020-10767, CVE-2020-10768 Greg KH (Jun 10)