harrysintonen ,
@harrysintonen@infosec.exchange avatar

kernel obtaining CVEs for every security related issue is quite visible here: https://lists.debian.org/debian-security-announce/2024/msg00066.html

neverpanic ,
@neverpanic@chaos.social avatar

@harrysintonen @raimue I looked at the first 33 (when sorted) and estimated that 8 of them actually cross a trust boundary, 6 of which I'd rate moderate. 25 seem to be DoS only or don't even cross a trust boundary, i.e., I don't believe those are actually security issues.

I understand why the kernel devs do this, but I don't think this is the right approach. Maybe the CVE system just needs to completely tumble and crash to be replaced by something better.

djm ,
@djm@cybervillains.com avatar

@harrysintonen I'm glad that I'm not maintaining tools that consume NVD's CVE feed any more

  • All
  • Subscribed
  • Moderated
  • Favorites
  • Linux
  • kamenrider
  • Rutgers
  • steinbach
  • Lexington
  • cragsand
  • mead
  • RetroGamingNetwork
  • mauerstrassenwetten
  • loren
  • xyz
  • PowerRangers
  • AnarchoCapitalism
  • WatchParties
  • itdept
  • Mordhau
  • neondivide
  • space_engine
  • AgeRegression
  • WarhammerFantasy
  • Teensy
  • learnviet
  • bjj
  • khanate
  • electropalaeography
  • MidnightClan
  • jeremy
  • supersentai
  • fandic
  • All magazines
    •