@jacques @bagder @gregkh I'd really love to have some public database that would help us all collectively make more efficient resource allocation decisions.
Let's take CVE-2025-38352 for example. CISA added it to the KEV because Google said that there is evidence of exploitation in the context of Android.
If you use CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y the fix is not needed.
Linux distros aren't affected but release "fixes" anyway. https://forums.rockylinux.org/t/rocky-8-10-cve-2025-38352/19590/3