[PATCH v3 6/7] Documentation/security-bugs: clarify hardware vs. software vulnerabilities

From: Vegard Nossum
Date: Sun Mar 05 2023 - 17:02:22 EST


We should emphasize the fact that we have a separate document for
reporting hardware vulnerabilities.

Link: https://lore.kernel.org/all/nycvar.YFH.7.76.2206062326230.10851@xxxxxxxxxxxxx/
Suggested-by: Jiri Kosina <jikos@xxxxxxxxxx>
Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
---
Documentation/process/security-bugs.rst | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Documentation/process/security-bugs.rst b/Documentation/process/security-bugs.rst
index 61742dcfea50..7bd59587332a 100644
--- a/Documentation/process/security-bugs.rst
+++ b/Documentation/process/security-bugs.rst
@@ -15,6 +15,10 @@ While the security list is closed, the security team may bring in extra
help from the relevant maintainers to understand and fix the security
vulnerability.

+The security list is mainly for software vulnerabilities. For hardware
+security vulnerabilities, see
+Documentation/process/embargoed-hardware-issues.rst instead.
+
Note that the main interest of the kernel security list is in getting
bugs fixed and getting patches reviewed, tested, and merged; CVE
assignment, disclosure to distributions, and public disclosure happen on
--
2.40.0.rc1.2.gd15644fe02