[$] How kernel CVE numbers are assigned

It has been four months since GregKroah-Hartman and MITREannounced that the Linux kernel project had become its own CVE NumberingAuthority (CNA). Since then, the Linux CNA Team has developed workflowsand mechanisms to help manage the various tasks associated with thischallenge. There does however, appear to be a lack of understanding amongcommunity members of the processes and rules the team have been workingwithin. The principal aim of this article, written by a member of theLinux kernel CNA team, is to clarify how the team works and how kernel CVEnumbers are assigned.