Since February 2024, Linux Kernel CVEs have been assigned and published
by people at kernel.org.

Their understanding of a CVE sadly differs from the commonly accepted
CVE standards, especially regarding selection criteria, vulnerability
descriptions, and severity evaluation.

Due to this policy and methodology change, the Linux Kernel world
receives approximately 120 CVEs monthly. This used to be around 15 until
January 2024.

We, the Kernel Security Squad here at Canonical, are always working hard
to fix any significantly important CVE within an acceptable timeframe;
however, due to the sheer number of incoming CVEs, we have to postpone
some and prioritize others, even though they seem to have equal CVSS.
(Two Mediums can differ greatly from each other due to configuration
changes in Ubuntu.)

I assure you that we will carefully evaluate the list of CVEs you shared
and act accordingly; however, it would be impossible for me to propose
an ETA right now.

Thank you for your understanding.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2083312

Title:
  linux-libc-dev package has vulnerabilities

Status in linux package in Ubuntu:
  New

Bug description:
  Hello Team,

  We are using the latest AWS Cloud images from the us-west-2 region. We
  have observed many vulnerabilities impacting the package
  linux-libc-dev across all Ubuntu releases (focal/jammy and noble).

  Please find the vulnerability scan results for all three releases.
