CVE-2021-4440: A Linux CNA Case Study
The Introduction
This blog serves as a case study of how the newly formed Linux CNA (CVE Numbering Authority) has affected Linux kernel vulnerability management, through the mishandling of a vulnerability we reported a little over a month ago in the upstream 5.10 LTS kernel.
The Vulnerability
The report below provides the full details, but the summary is that in a proposed backport of a set of patches to improve the Linux kernel's mitigation against some newer MDS (Microarchitectural Data Samp...
Read more at grsecurity.net