On 11/13/25 23:48, Bjoern Franke wrote:
Hi,
I stumbled at work upon CVE-2025-40300 (as it caused Ubuntus USN-7860-1) and was
wondering that it wasn't mentioned on this list. Usually CVEs are posted here
before some distro specific fixes appear.
The CPU vendors have their own methods for alerting OS & Hypervisor makers of
CPU-level security issues in advance of publication, that don't flow through
the distros lists or this list, so fixes for those often happen without any
notice here.
For other CVEs, it really depends on whether the project includes this list
in their notification process, or some volunteer notices them and forwards
the information to the list. Many still slip through the cracks.
--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
