REPORT

A Look at 3 Months of Linux Kernel CVEs

With the Linux Kernel Project becoming a CVE Numbering Authority (CNA) in February 2024, there has been a drastic increase in the number of Common Vulnerabilities and Exposures (CVEs) being identified. This report examines the first few months of the Kernel team’s output as a CNA and what it means for Enterprise Linux users.

Gain an understanding of what this growth in Kernel vulnerabilities means for your organization’s security and compliance efforts

In this report, you’ll discover:

• The role of CNAs and the Linux Kernel Project’s journey to becoming one
• How the Linux Kernel Project has greatly surpassed the usual rate of CVE assignments
• An LTS version-by-version breakdown of CVEs assigned by the Kernel team
• How enterprises can approach security and compliance in this new environment