Updated the documentation with:
* vulnerability definition and kernel security bug description
* reporting security procedure per https://docs.kernel.org/process/security-bugs.html
* CVE assignment per https://www.kernel.org/doc/html/latest/process/cve.html,
and the recent Greg K-H video from the recent conference,
https://www.youtube.com/watch?v=KumwRn1BA6s
* reporting to linux-distros per https://oss-security.openwall.org/wiki/mailing-lists/distros
Removed minor, major security bug classifications as now, CVE is assigned to
the issue even if it triggers WARN_ON with panic_on_warn enabled and
reboots the system.
Since there are 4 different parties with their own interests:
- [email protected] wants to release the fix ASAP, but can be
postponed if the reporter asks for an embargo period to let linux-distros
update their kernels.
- [email protected] is included in the mailing list, once
the fix is developed, but NOT merged in the stable tree
Once the fix lands on the stable tree, [email protected] should not be
mentioned in the conversation as they don't have any further interests.
- [email protected] is notified once the fix is publicly
merged to the stable tree
- [email protected] is notified if the CVE should be assigned to the fix
which is publicly merged to the stable tree.
Fixes: google#4714