Thanks for the heads up! It's our policy to go ahead and end embargoes once an issue is publicly disclosed, so we'll move forward triaging this as class C2 "A vulnerability, but not in OpenStack supported code, e.g., in a dependency" per our report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Adding a new OSSN task in case the security note editors want to publish something about this prior to or once the kernel fix is available.
Thanks for the heads up! It's our policy to go ahead and end embargoes once an issue is publicly disclosed, so we'll move forward triaging this as class C2 "A vulnerability, but not in OpenStack supported code, e.g., in a dependency" per our report taxonomy: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy
Adding a new OSSN task in case the security note editors want to publish something about this prior to or once the kernel fix is available.