Linux's Role as CNA: Managing Kernel Security Vulnerabilities and CVE Tracking
By voxadam
Summary
The article discusses Linux's transition to becoming a CNA (Certificate Numbering Authority) for the Linux kernel, making the kernel.org community responsible for issuing all CVEs (Common Vulnerabilities and Exposures). It highlights that Linux has rapidly become one of the largest creators of CVEs by quantity, moving from nothing to number 3 in 2024 and number 1 in 2025. The article addresses questions about how this work is being managed and how people can track the increasing volume of security vulnerabilities being documented.
Key quotes
It's been almost 2 full years since Linux became a CNA (Certificate Numbering Authority) which meant that we (i.e. the kernel.org community) are now responsible for issuing all CVEs for the Linux kernel.
During this time, we've become one of the largest creators of CVEs by quantity, going from nothing to number 3 in 2024 to number 1 in 2025.
Naturally, this has caused some questions about how we are both doing all of this work, and how people can keep track of it.