On Mon, Feb 10, 2025 at 05:32:33PM +0100, hsimeliere.opensource@xxxxxxxxxxx wrote: > On Mon, Feb 10, 2025 at 10:55:07AM +0100, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > Never link to nvd, their "enhancements" are provably wrong and hurtful > > to the kernel ecosystem. Always just refer to cve.org records or better > > yet, our own announcements. > > Thank you for this information, I will take note of it for our next contribution. > So the CVE must be under a CNA or CISA score for the patch to be required by the kernel? The kernel CNA provides NO "score" as that obviously is impossible to do given that we do NOT know your use case. What exactly are you trying to do here? Backport random changes to older kernels for what reason? We are glad to take backports for fixes that did not apply to older kernels, but you have to test them and provide a reason for why they should be included. To not have that on your side already feels very odd. > Where can I find your own announcements? You have read the in-kernel documentation about how we handle CVEs, right? It's listed there :) thanks, greg k-h
