Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Looking at all the recent Linux kernel crash CVEs I see that the "Scope Changed" metric is always "Unchanged" indicating that "The vulnerable component is the affected component".
My question is, why wouldn’t … Continue reading Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Looking at all the recent Linux kernel crash CVEs I see that the "Scope Changed" metric is always "Unchanged" indicating that "The vulnerable component is the affected component".
My question is, why wouldn’t … Continue reading Why is the "Scope Changed" CVSS Metric for Kernel Crash Vectors always "Unchanged"? [closed]

Does CVSS 4.0 solve the exploitability problem?

The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is officially live. Building iteratively on version 3 there are a few differences that in… Continue reading Does CVSS 4.0 solve the exploitability problem?