How to collect CVE patches
Opened this issue · 4 comments
How to collect CVE patches and categorize them by version?The links I found on the Internet are scattered and irregular.
good question. I also want to know how to collect CVE patches by different version.
I'm afraid there is no "good" way to do it without manual labor.
MITRE and the LKML are good resources for patchfiles, but I have yet to find a source that links CVEs to patchfiles, let alone files that apply to different kernel versions.
Surely companies like RedHat, SUSE, Canonical and others do have such trackers for internal use, but I'm not aware of any public ones.
Yes, I have been looking for related tools.
There are some related discussions on LWN:
https://lwn.net/Articles/392293/
https://lwn.net/Articles/700530/
Here is my list:
https://raw.githubusercontent.com/Divested-Mobile/kernel_patches/master/Kernel_CVE_Patch_List.txt
There is also the CIP project's excellent scripts:
https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec