Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs/linux: updated reporting security bugs guide
Updated the documentation with: * vulnerability definition and kernel security bug description * reporting security procedure per https://docs.kernel.org/process/security-bugs.html * CVE assignment per https://www.kernel.org/doc/html/latest/process/cve.html, and recent Greg K-H video from the recent conference, https://www.youtube.com/watch?v=KumwRn1BA6s * reporting to linux-distros per https://oss-security.openwall.org/wiki/mailing-lists/distros Removed minor, major security bug classifications as now, CVE is assigned to the issue even it triggers WARN_ON with panic_on_warn enabled and reboots the system. Since there are 4 different parties with own interests: - [email protected] wants to release the fix ASAP, but can be postponed if the reporter asks an embargo period to let linux-distros update their kernels. - [email protected] is included in the mailing list, once the fix is developed, but NOT merged in the stable tree Once the fix lands on the stable tree, [email protected] should not be mentioned in the conversation as they don't have any further interests. - [email protected] is notified once the fix is publicly merged to the stable tree - [email protected] is notified if the CVE should be assigned to the fix which is publicly merged to the stable tree. reporting_kernel_bugs.png generation ==================================== - Go to https://draw.io - Click "Open the existing diagram" -> "Upload" tab - Browse to the repository's docs/linux/reporting_kernel_bugs.drawio - Make necessary changes - Click "Export as" -> PNG -> disable "Include a copy of my diagram" as we've already included the draw.io scheme as the separate file Fixes: #4714
- Loading branch information
