For sure, but you don't need to file CVEs for every regular bug.

Skunkleton · 2026-01-02T23:25:59 1767396359

In the context of the kernel, it’s hard to say when that’s true. It’s very easy to fix some bug that resulted in a kernel crash without considering that it could possibly be part of some complex exploit chain. Basically any bug could be considered a security bug.

SSLy · 2026-01-02T23:34:49 1767396889

plainly, crash = DoS = security issue = CVE.

QED.

michaelt · 2026-01-03T00:25:40 1767399940

BRB, raising a CVE complaining the OOM killer exists.

pamcake · 2026-01-03T01:26:28 1767403588

Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.

worthless-trash · 2026-01-03T03:18:41 1767410321

I could be wrong. But operation by design isn't considered a bug.

samus · 2026-01-03T04:40:18 1767415218

It is if some other condition is violated that is more important. Then the design might have to be reconsidered.

suspended_state · 2026-01-03T08:21:27 1767428487

If it is faulty, then it's not a bug, it's a flaw.

lfllfkddl · 2026-01-03T20:36:59 1767472619

It is possible to design a security vulnerability.

worthless-trash · 2026-01-04T06:32:50 1767508370

Oh, now that is an exciting area.

SSLy · 2026-01-03T15:00:09 1767452409

you either get OOMed or next malloc fails and that's also going to wreck havoc