Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp561170rdh; Wed, 14 Feb 2024 05:20:44 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXkS5nY02quScd3TElDw5yz6fF4DfZtxMX1qz601G+pgcQONa/quCw2uC/zc2TEFTT1lNf/VPit1+uDM8QYxC1dx9nbupGERsbFNu0reg== X-Google-Smtp-Source: AGHT+IETMJngJ6cn19owk5Ja+ff4FE2H/9bRbphtByB9PekNsyvbRFzs8l+4vrbyYnFmYRCmwBKt X-Received: by 2002:a17:902:ce8a:b0:1d9:a148:48a with SMTP id f10-20020a170902ce8a00b001d9a148048amr3069423plg.24.1707916844124; Wed, 14 Feb 2024 05:20:44 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707916844; cv=pass; d=google.com; s=arc-20160816; b=qj1LAllkKUEWXEuh2EpJYkEPWhb2meAZXlSOs1v0QzFxD3DpEr/VyrOaqskORN+R47 pMGOMG5D8YZTHwEYVnVYsVvbZfGMdra8PyNvQCDaoBfSEKg3bzyCV8CSMLKOrmn42Iph dZnPp0Ag8BNvUqIZucNHeSRjz+7mG3FevUWM6CE6BAJ9vYIBW6B/izXl7y5q0NGsLx4y Ic+JhpAjCSgCqvRCPcy8dTB5q2Wrw4IAFb5wQsXaCElPDJmRaX+JWVZDpZgAapJW8rlj +ce5qm0dPNf1QZPyy3+4Lc3830IulHaZ5oL5odYDzJn3y742NLpci43z2SprrQ8Z8/Pw 1C+A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:autocrypt:from:references:cc :to:content-language:subject:user-agent:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:date:message-id :dkim-signature; bh=BTQWkHHZvbHv6Pyvadb2wvJ27ifDC1545n/m7aljeXw=; fh=XOovhAWF8+drrS/wby2gxfAGv38L6YegJxgNPQY1ZHA=; b=0Afnk/Y6XTXMh+BsVnRcIInoKEZnWCEmJmrxhbgz/MluSXGP//8GSIG7tJ5KPdjprv CEEeIJ4qHDP8uOa6grT6qTcIYFIcUTXjfu7JgORjoqheimD0s6uzqIPIzCwqwyr0TzSq bhC2jyTDxzVdaPEfaz2MIOs++vJbt4LqpkMILoxD4xcLN2kyRrqpn5/EbpO46WXsgoh3 QUlYcrZtDhQt/jMSUQcE20+qiR9xnAp8Ob8/BExWYe8Nflgx7eemGYTPE607J/M9po2z B2pipmc7eEjmrl4UmDpNs+jMygiK4frEhsYkWSyf+SBtw4OJ1rgtlilk1+i+hEUMmyKj cq6w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=R8ZvL9jw; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65251-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65251-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCVmUJKp5NVdVe9Mu5RYkjkaeljQPxiKwKf8WC9xn+GgPIiWb59l6Q+ryJfKUSHQcjdAFGpiiHhlQdBUFD0u6ZVBXpotqLiiQLXTX8VN6g== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id ma15-20020a170903094f00b001db5c9ec2ecsi177138plb.607.2024.02.14.05.20.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 05:20:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65251-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=R8ZvL9jw; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65251-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65251-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id F1965B248E8 for ; Wed, 14 Feb 2024 13:10:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 02279535A3; Wed, 14 Feb 2024 13:10:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="R8ZvL9jw" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1265853389; Wed, 14 Feb 2024 13:10:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707916212; cv=none; b=bKW8STEXVfyMHgJdB2CfdB+YolKUj9ZiuuMcTkjhHTxdsLOxOIwG3NKMx9+YTsLDVOhEIVNXIByG1lIxNIkxKvwIoChWJDYxjMD0Rv/JNhQ3yGllL4WokVKtu2cbdlTMNMt8iw7kbhAeA5uWL+ONXRaiofbSi1+pp8STSVPK5Wk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707916212; c=relaxed/simple; bh=j6uNWmfseemMzkqVHeu0p051s4oZ31wQN7AgSulk7HI=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=Psfk/5FJCdVuEJZFuWkpe9Xlr3IFOgp57d2tksbX/m7gTozoslufBX8ZQ16+LS6ja8tN+1qk3S9w4ewYqUGfkOqLTmXqa75Ai3xOpvOYlRN8Fp76+IQkyELWn0zhMgvttNfHj+pEeUQG4/GHcg7BUg1t0sB+0Ny9CWOaNTEVenI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=R8ZvL9jw; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8AE0AC433C7; Wed, 14 Feb 2024 13:10:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707916211; bh=j6uNWmfseemMzkqVHeu0p051s4oZ31wQN7AgSulk7HI=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=R8ZvL9jwtQkM+Yj1rc5emGcqrHnnFK8q1szwGBAq2fRBDL6aU8QcpqQjwhLs+oJw+ ccW64TlJ+4u6RNpn1GzJoBuLvJk4eDWFZBU+gPyLUT1szVwg0aVwEZopBuIOEZtYIh nSenUOZodNGWBLCgnZ2FuJ0wbxEB5cyNRYme3Mnb3m5NJ2nadKEXMvJHMNZtRJgg6J fD7yGtcJaxXAGXNzyAgsUHST3fuLCJ14EySAeb1tvIOI8aOldoeopGWtK6TwDDzhVb 4Ao/pb8CPBlmuPTriIp+rI/2FPf89uvc2HzCus9093yfp0c3vNPwi4Lf+qndlE0SH4 6weP/qHztKNIw== Message-ID: <75f89fc2-4b43-4311-bc84-03738dead5cc@kernel.org> Date: Wed, 14 Feb 2024 14:10:07 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process Content-Language: en-US To: Greg Kroah-Hartman , corbet@lwn.net, workflows@vger.kernel.org Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, security@kernel.org, Kees Cook , Sasha Levin , Lee Jones References: <2024021430-blanching-spotter-c7c8@gregkh> From: Krzysztof Kozlowski Autocrypt: addr=krzk@kernel.org; keydata= xsFNBFVDQq4BEAC6KeLOfFsAvFMBsrCrJ2bCalhPv5+KQF2PS2+iwZI8BpRZoV+Bd5kWvN79 cFgcqTTuNHjAvxtUG8pQgGTHAObYs6xeYJtjUH0ZX6ndJ33FJYf5V3yXqqjcZ30FgHzJCFUu JMp7PSyMPzpUXfU12yfcRYVEMQrmplNZssmYhiTeVicuOOypWugZKVLGNm0IweVCaZ/DJDIH gNbpvVwjcKYrx85m9cBVEBUGaQP6AT7qlVCkrf50v8bofSIyVa2xmubbAwwFA1oxoOusjPIE J3iadrwpFvsZjF5uHAKS+7wHLoW9hVzOnLbX6ajk5Hf8Pb1m+VH/E8bPBNNYKkfTtypTDUCj NYcd27tjnXfG+SDs/EXNUAIRefCyvaRG7oRYF3Ec+2RgQDRnmmjCjoQNbFrJvJkFHlPeHaeS BosGY+XWKydnmsfY7SSnjAzLUGAFhLd/XDVpb1Een2XucPpKvt9ORF+48gy12FA5GduRLhQU vK4tU7ojoem/G23PcowM1CwPurC8sAVsQb9KmwTGh7rVz3ks3w/zfGBy3+WmLg++C2Wct6nM Pd8/6CBVjEWqD06/RjI2AnjIq5fSEH/BIfXXfC68nMp9BZoy3So4ZsbOlBmtAPvMYX6U8VwD TNeBxJu5Ex0Izf1NV9CzC3nNaFUYOY8KfN01X5SExAoVTr09ewARAQABzSVLcnp5c3p0b2Yg S296bG93c2tpIDxrcnprQGtlcm5lbC5vcmc+wsGVBBMBCgA/AhsDBgsJCAcDAgYVCAIJCgsE FgIDAQIeAQIXgBYhBJvQfg4MUfjVlne3VBuTQ307QWKbBQJgPO8PBQkUX63hAAoJEBuTQ307 QWKbBn8P+QFxwl7pDsAKR1InemMAmuykCHl+XgC0LDqrsWhAH5TYeTVXGSyDsuZjHvj+FRP+ gZaEIYSw2Yf0e91U9HXo3RYhEwSmxUQ4Fjhc9qAwGKVPQf6YuQ5yy6pzI8brcKmHHOGrB3tP /MODPt81M1zpograAC2WTDzkICfHKj8LpXp45PylD99J9q0Y+gb04CG5/wXs+1hJy/dz0tYy iua4nCuSRbxnSHKBS5vvjosWWjWQXsRKd+zzXp6kfRHHpzJkhRwF6ArXi4XnQ+REnoTfM5Fk VmVmSQ3yFKKePEzoIriT1b2sXO0g5QXOAvFqB65LZjXG9jGJoVG6ZJrUV1MVK8vamKoVbUEe 0NlLl/tX96HLowHHoKhxEsbFzGzKiFLh7hyboTpy2whdonkDxpnv/H8wE9M3VW/fPgnL2nPe xaBLqyHxy9hA9JrZvxg3IQ61x7rtBWBUQPmEaK0azW+l3ysiNpBhISkZrsW3ZUdknWu87nh6 eTB7mR7xBcVxnomxWwJI4B0wuMwCPdgbV6YDUKCuSgRMUEiVry10xd9KLypR9Vfyn1AhROrq AubRPVeJBf9zR5UW1trJNfwVt3XmbHX50HCcHdEdCKiT9O+FiEcahIaWh9lihvO0ci0TtVGZ MCEtaCE80Q3Ma9RdHYB3uVF930jwquplFLNF+IBCn5JRzsFNBFVDXDQBEADNkrQYSREUL4D3 Gws46JEoZ9HEQOKtkrwjrzlw/tCmqVzERRPvz2Xg8n7+HRCrgqnodIYoUh5WsU84N03KlLue MNsWLJBvBaubYN4JuJIdRr4dS4oyF1/fQAQPHh8Thpiz0SAZFx6iWKB7Qrz3OrGCjTPcW6ei OMheesVS5hxietSmlin+SilmIAPZHx7n242u6kdHOh+/SyLImKn/dh9RzatVpUKbv34eP1wA GldWsRxbf3WP9pFNObSzI/Bo3kA89Xx2rO2roC+Gq4LeHvo7ptzcLcrqaHUAcZ3CgFG88CnA 6z6lBZn0WyewEcPOPdcUB2Q7D/NiUY+HDiV99rAYPJztjeTrBSTnHeSBPb+qn5ZZGQwIdUW9 YegxWKvXXHTwB5eMzo/RB6vffwqcnHDoe0q7VgzRRZJwpi6aMIXLfeWZ5Wrwaw2zldFuO4Dt 91pFzBSOIpeMtfgb/Pfe/a1WJ/GgaIRIBE+NUqckM+3zJHGmVPqJP/h2Iwv6nw8U+7Yyl6gU BLHFTg2hYnLFJI4Xjg+AX1hHFVKmvl3VBHIsBv0oDcsQWXqY+NaFahT0lRPjYtrTa1v3tem/ JoFzZ4B0p27K+qQCF2R96hVvuEyjzBmdq2esyE6zIqftdo4MOJho8uctOiWbwNNq2U9pPWmu 4vXVFBYIGmpyNPYzRm0QPwARAQABwsF8BBgBCgAmAhsMFiEEm9B+DgxR+NWWd7dUG5NDfTtB YpsFAmA872oFCRRflLYACgkQG5NDfTtBYpvScw/9GrqBrVLuJoJ52qBBKUBDo4E+5fU1bjt0 Gv0nh/hNJuecuRY6aemU6HOPNc2t8QHMSvwbSF+Vp9ZkOvrM36yUOufctoqON+wXrliEY0J4 ksR89ZILRRAold9Mh0YDqEJc1HmuxYLJ7lnbLYH1oui8bLbMBM8S2Uo9RKqV2GROLi44enVt vdrDvo+CxKj2K+d4cleCNiz5qbTxPUW/cgkwG0lJc4I4sso7l4XMDKn95c7JtNsuzqKvhEVS oic5by3fbUnuI0cemeizF4QdtX2uQxrP7RwHFBd+YUia7zCcz0//rv6FZmAxWZGy5arNl6Vm lQqNo7/Poh8WWfRS+xegBxc6hBXahpyUKphAKYkah+m+I0QToCfnGKnPqyYIMDEHCS/RfqA5 t8F+O56+oyLBAeWX7XcmyM6TGeVfb+OZVMJnZzK0s2VYAuI0Rl87FBFYgULdgqKV7R7WHzwD uZwJCLykjad45hsWcOGk3OcaAGQS6NDlfhM6O9aYNwGL6tGt/6BkRikNOs7VDEa4/HlbaSJo 7FgndGw1kWmkeL6oQh7wBvYll2buKod4qYntmNKEicoHGU+x91Gcan8mCoqhJkbqrL7+nXG2 5Q/GS5M9RFWS+nYyJh+c3OcfKqVcZQNANItt7+ULzdNJuhvTRRdC3g9hmCEuNSr+CLMdnRBY fv0= In-Reply-To: <2024021430-blanching-spotter-c7c8@gregkh> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit On 14/02/2024 09:00, Greg Kroah-Hartman wrote: > The Linux kernel project now has the ability to assign CVEs to fixed > issues, so document the process and how individual developers can get a > CVE if one is not automatically assigned for their fixes. > > Reviewed-by: Kees Cook > Signed-off-by: Greg Kroah-Hartman > Signed-off-by: Sasha Levin > Signed-off-by: Lee Jones > --- > v3: fix up wording in security-bugs.rst based on the changes to the cve > assignment process from v1, thanks to a private reviewer for > pointing that out. > v2: Grammer fixes based on review from Randy > Updated paragraph about how CVE identifiers will be assigned > (automatically when added to stable trees, or ask us for one > directly before that happens if so desired) > > Documentation/process/cve.rst | 120 ++++++++++++++++++++++++ > Documentation/process/index.rst | 1 + > Documentation/process/security-bugs.rst | 5 +- Great direction! Finally all these bugs we are fixing every release (thus in stable trees) will get proper attention via assigned CVEs. Reviewed-by: Krzysztof Kozlowski Best regards, Krzysztof