Common Vulnerability and Exposure (CVE) numbers have been used for many
years as a way of uniquely identifying software vulnerabilities. It has
become increasingly clear in recent years that there are problems with CVE
numbers, though, and increasing numbers of
vulnerabilities are not being assigned CVE numbers at all. At the 2019 Kernel Recipes event, Greg
Kroah-Hartman delivered a “40-minute rant with an unsatisfactory
conclusion” on CVE
numbers and how the situation might be improved. The conclusion may be
“unsatisfactory”, but it seems destined to stir up some discussion
regardless.

Source: LWN.net – [$] What to do about CVE numbers