Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp618920rdh; Wed, 14 Feb 2024 06:55:12 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUYBBHBGGbmqMNaphfRF6srAWD6WId7locdp05PRmXoGCXSesX4vRDVL/PaTU34zP4KDbVPju84z2mtnvfwZkWCFKgDz2/nqW/ytRI2Ig== X-Google-Smtp-Source: AGHT+IEIKAwwdAlCvNfwweQHqlj73JM7HWaYGw3kT2AIadHflRzCYftLndOBIdjvJ/vDstohxo0d X-Received: by 2002:a05:6a00:d72:b0:6e0:f550:3ccf with SMTP id n50-20020a056a000d7200b006e0f5503ccfmr2081550pfv.21.1707922512063; Wed, 14 Feb 2024 06:55:12 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707922512; cv=pass; d=google.com; s=arc-20160816; b=FKc4vfObABFKGgp/NUB5qh3ZaqTQogI04K0A03zZkuj/pKB95VEWDylsBWk3e16pEY mqHXXbl3zwe0S79TyaHCGBcy/JR+WQjFD8F+O5Qi7ZmilVoKxyxa0P1aoUURVSe5yDYT Vyt7UOIjV5DWCkQ9O0Dbj0nFlA8U7/4cm+7HfGe0kV4ShlLke4As4kOryS1vva+7I2wr UsXGiodPWLiblsi2gr87KPzspMEUMlOrBoOQjjaxkb2Jbr5laZ64R0I63CYSAOTd+tAM 4Q3JOmDfnHl6f/LJUJNCmPlR6VCoG5Z/jcvIDwKb5yoctUFPbEfbftFMGAeBM98QVDcl kmzw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :user-agent:references:message-id:in-reply-to:subject:cc:to:from :date:dkim-signature; bh=hT8eOR+v4zlL6RJfn5vjbr3jDS2hXsPXcfxyNxSmBLk=; fh=fgzP0pUnbgzt8ydfRZr3BsHLQ7epEBKxIOMQ7VPIwPc=; b=k51rZd3VuyLnXh4YvVAWnBWSH+0oIrb84gfsUaoUUMRdods/d15kTzIQnBobaiydwA rjcwjFTKWHVZZm95bOD+Oe7lyvpOS2kW5T4wMLSY9aCuKwqBMCMhYLfMuW3MW5jQfosp ZEtLSmnGjy88wo8sUXVigww2X+DXlsvur2dPq2uR+QMb8tXLjLAdMpnGxhytw9S4iQRM OndcEnl1FVC3fGZFdx6EQ6zMECc9L7F4nM5mOu6/Sw5/uo5VG+23Xf3Sv1DA0aSvK1dD BAQ5VWs246TCzV+aOf4SnJi6XNh2PS4PE9PBztboJ7szQvjLHkc3j7wxP6ophK+vexAj JnEA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EV0n9M0C; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65359-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65359-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCVql16u5KJXRAPYMjjzXAOUwwo3teh/xSHBydnNp4Bfn06uFN69vfaVxH15lRBd5NvYXO+M2OcdzemsZPFmS51LjOqkfSJI7DvPmNwkEA== Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id gu15-20020a056a004e4f00b006e08f791096si8450975pfb.171.2024.02.14.06.55.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 06:55:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65359-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=EV0n9M0C; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65359-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65359-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id AACA7B265AF for ; Wed, 14 Feb 2024 14:46:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 369AD5B043; Wed, 14 Feb 2024 14:46:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="EV0n9M0C" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DCFB55E44; Wed, 14 Feb 2024 14:46:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707921972; cv=none; b=WLpbPnjxElEtI+I8I8krtMs0PjVsgF0ajuNsJxPadLxXdCdQUG7mmiB+2AfpwzaQ0ywsIau6SsNS1WGIUSd+fuBwgUgK4YFB51HhQPBxP6Jojak8Z0J7JqxLRulhzuWhECJDI8fIQA5F+k/9RlzyEJiJdDaxx+tL68crdcBkeuo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707921972; c=relaxed/simple; bh=c+xjim88bHayo1cK2qBTU6PJqAH/5WT7kzZO5iz1EKU=; h=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References: MIME-Version:Content-Type; b=SmHiZqo3qXkvlsSO2mkT+9n6q+TsDgyPQ1iNr3CCaNw/b9rdKRv+2ZhJdq7Pt/eUM0IWi14Z+lnLqFdGi1hvkDksSyaC+fGTiLToXQ1KYat6SNrYv/CL0dJxT79zxZ2tSJxVeXf4YsoJ2//AcNYLh8gkH7dhyOw7bCI3THe9+AM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=EV0n9M0C; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 606E8C43390; Wed, 14 Feb 2024 14:46:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707921971; bh=c+xjim88bHayo1cK2qBTU6PJqAH/5WT7kzZO5iz1EKU=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=EV0n9M0CtLsPBoVc6qo/dQDruG1BBfltUNWUW1Zul2JqVCibKG+kVBtL9ED1xjTAG mIkcxwprxbXFtKHJVNr4uHpq+eCoQKsHeVD9DN0gJg7VAklrXRkoj+NaJkFPKTpgkv s+MsQYDOBDh4/ubh5PXTPZqZ2kYdxyo7lwLksKGS6sq6X6Bubm/CSBeEtVTUqFoVjF 8GkfrCX/hiZDAIvvq+0JgTGygkoq7rfkkofhg+DMfJiJibKCeik3Db5xVZymZOOJEM EpC/YCnTgArokgZcI5+Q2tN3HOiQQH7A2WM3cA0jKNSgK5Oaj5u0PyV7ZK6H2/d8NR eazlxiq3G4UmA== Date: Wed, 14 Feb 2024 15:46:12 +0100 (CET) From: Jiri Kosina To: Mark Brown cc: Greg Kroah-Hartman , corbet@lwn.net, workflows@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, security@kernel.org, Kees Cook , Sasha Levin , Lee Jones Subject: Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process In-Reply-To: <7c177ba2-6b0a-4203-9ee6-113e75c6bb13@sirena.org.uk> Message-ID: References: <2024021430-blanching-spotter-c7c8@gregkh> <7c177ba2-6b0a-4203-9ee6-113e75c6bb13@sirena.org.uk> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII On Wed, 14 Feb 2024, Mark Brown wrote: > Not addressing your point in general but the speaker volume limiting is > security relevant, that change prevents physical damage to the system. > There's an argument for many headphone volume related fixes too since > excessively large volumes can cause substantial distress and potential > injury to users (I can't remember if that fix would be relevant to that > issue). Thanks, I guess you are actually supporting my point, and that is -- there is no consensus whatsoever of what assigning a CVE actually means, at all. To me -- physical damage to the system, fair enough, that might really easily be security relevant. Something being too loud, causing distress ... that's really a grey zone (to put it mildly) for me. How about e.g. a bug in GPU driver, leading to a flickering screen? Many people are very sensitive to that (both physically and mentally) for various reasons. Bug worth fixing? Absolutely, as soon as possible. Security-relevant? Not in my book. To me, kernel is in no way special, in this respect, actually. With each and every coding error in software of your choice, given anough fantasy, you'll come up with a scenario where this will cause some real issues to some living human. That's not what CVE is about at all, at least in my understaing. -- Jiri Kosina SUSE Labs