oss-sec mailing list archives

Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros


From: nightmare.yeah27 () aceecat org
Date: Sun, 5 Oct 2025 09:52:47 -0700

On Sun, Oct 05, 2025 at 08:23:21AM +0200, Greg KH wrote:

> That is the work we do to "triage" on a weekly basis.
>
> Again, not all bugfixes that go into the Linux kernel meet the
> cve.org definition of "vulnerability", and so, we do not mark all
> Linux bugfixes with a CVE.  If we were to do that, the rate of CVEs
> would be much higher than the current average of 13 per day (which
> if you look at applicability of those CVEs to your system, is on
> average, or a bit below, the other two major operating systems out
> there, so Linux is not an outlier at all.)
>
> Hope this helps explain things a bit better.  I think this means I
> need to write up even more documentation as to exactly how we do all
> of this work as this information isn't more widely known.

Yes, thank you. This in fact improved my understanding of the
situation a lot. I hope it also did so for others.

-- 
Ian

