Lots of the CVE world seems to focus on “security bugs” but I’ve found that it
is not all that well known exactly how the Linux kernel security process works.
I gave a talk about this back in 2023 and at other conferences since then,
attempting to explain how it works, but I
also thought it would be good to explain this all in writing as it is required
to know this when trying to understand how the Linux kernel CNA issues CVEs.