{"id":13539289,"url":"https://github.com/nluedtke/linux_kernel_cves","last_synced_at":"2025-10-03T14:31:34.435Z","repository":{"id":39751064,"uuid":"81376392","full_name":"nluedtke/linux_kernel_cves","owner":"nluedtke","description":"Tracking CVEs for the linux Kernel","archived":true,"fork":false,"pushed_at":"2024-04-09T22:28:17.000Z","size":132943,"stargazers_count":739,"open_issues_count":92,"forks_count":70,"subscribers_count":63,"default_branch":"master","last_synced_at":"2024-09-29T15:01:29.664Z","etag":null,"topics":["cve","linux","linux-kernel","linux-security","security-audit","security-vulnerability","tracker","tracking-cves"],"latest_commit_sha":null,"homepage":null,"language":"Vue","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nluedtke.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-02-08T21:12:24.000Z","updated_at":"2024-09-25T13:00:30.000Z","dependencies_parsed_at":"2023-10-19T00:31:08.693Z","dependency_job_id":"711a8de2-465d-4d71-92b6-423cb0adc347","html_url":"https://github.com/nluedtke/linux_kernel_cves","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nluedtke%2Flinux_kernel_cves","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nluedtke%2Flinux_kernel_cves/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nluedtke%2Flinux_kernel_cves/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/nluedtke%2Flinux_kernel_cves/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nluedtke","download_url":"https://codeload.github.com/nluedtke/linux_kernel_cves/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235146470,"owners_count":18943264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","linux","linux-kernel","linux-security","security-audit","security-vulnerability","tracker","tracking-cves"],"created_at":"2024-08-01T09:01:22.941Z","updated_at":"2025-10-03T14:31:31.035Z","avatar_url":"https://github.com/nluedtke.png","language":"Vue","readme":"# linux_kernel_cves\n\nThis is a simple project to track CVEs in the upstream Linux kernel.\nIndividual distros (RHEL, Debian, Ubuntu, etc.) often do a good job of\ntracking CVEs for their own kernels but this information is lacking for\nthe upstream kernel. This project aims to help out with this void. The output\nwas generated automatically through a set of tools that has not been\nfully tested or made public yet.\n\n## How to see the data\n\nThere are two ways to view/consume the data. The easiest is the web front end at\n[www.linuxkernelcves.com][2]. Here you can view CVEs by stream or by CVE id.\nThe second way is this GitHub page. Here, the data is laid out in both JSON\nand text format.\n\n## Linux Security Note\n\nTracking, mitigating, and patching CVEs is just a small part of\nmaintaining a secure kernel.  Let me be clear, you can patch all known\nCVEs and still be vulnerable. 
Some risk can be mitigated through\nproperly configuring your kernel/system. I suggest you visit the\n[Kernel Self Protection Project][1] and other kernel security pages for more\ninformation.\n\n## Reading stream reports\n\nBelow is a list of definitions for certain strings you might see in a\nstream report. **The only CVEs that should appear in the stream\ndocument are ones that potentially affect that stream.** (i.e., ones that\nwere not fixed prior to the first release version and were not introduced\nafter the release version). If no fixing commit is known for a CVE, then\nby default it is assumed to be present in all streams after it was introduced.\n\n- 'Fix unknown': No fixing commit in the commit maps or the commit is\n  invalid\n- 'Fixed with X': Fixing commit was seen in the stream and first\n  appears in version X\n- 'Fix not seen in stream': The fixing commit is known and valid,\n  but not seen in this stream (i.e., the stream is still vulnerable)\n\n## Overview of Process\n\nThe process for generating these documents is focused on being as\nautomated as possible. Below is the general outline of steps.\n\n  1) Take list of all kernel CVEs\n  2) If the issue is marked as Vendor specific, ignore it.\n  3) Get the Breaking/Fixing Commits. These are retrieved from the\n  internal cache first; if not present, it pulls from Ubuntu, Debian,\n  etc. to try and fill that information in.\n  4) Using those commit ids, get the first tags in the mainline in which\n  they appear.\n  5) Using that version timeline, for each stream that would be\n  vulnerable perform steps 6 through 8.\n  6) Find the commit whose commit message matches the commit\n  message from the mainline. 
This is the fixing commit in that stream.\n  7) Record the commit id and get the earliest tag in the stream which\n  has that commit.\n  8) Output information to stream document.\n  9) Update JSONs.\n\n## Accuracy\n\nThe bulk of the data is autogenerated or pulled from other open sources.\nWhile every effort is taken to ensure its accuracy, no promise of absolute\naccuracy can be made. If you think a CVE is missing or is not completely\naccurate, please fill out an issue to have the data looked at and changed. The\neventual goal would be to have a community curated list of CVEs along with when\nthe code was introduced and when it was fixed.\n\n## Development\n\nWant to contribute? Great!\n\n### Data Contributions\n\nAny additions/removals/updates to the data should start with an Issue. Please\nbe as accurate and complete as possible when requesting a change so the\ninformation can be validated as quickly as possible.\n\n### Code Contributions\n\nAll code changes or enhancements must be done through a Pull Request to the\nstaging branch. No PRs directly to master will be accepted.\n\n## Known Issues\n\n- Multiple commits to fix a CVE not handled\n\n[1]: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project\n[2]: https://www.linuxkernelcves.com\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","Vue (45)","Vue","linux"],"sub_categories":["\u003ca id=\"f799ff186643edfcf7ac1e94f08ba018\"\u003e\u003c/a\u003e知名漏洞\u0026\u0026CVE\u0026\u0026特定产品"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnluedtke%2Flinux_kernel_cves","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnluedtke%2Flinux_kernel_cves","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnluedtke%2Flinux_kernel_cves/lists"}