Greg and Linus do not believe in the entire concept of "vulnerabilities" in the Linux kernel and do not believe in the methods that distros use like cherry picking, therefor they typically are against issuing CVEs, scoring CVEs, describing vulnerabilities at all (if you use the word "vulnerability", your patch will be rejected), etc.
It's fundamentally their position to not work the way that you describe.
I would like to read more about this. Do you have a source?
http://www.kroah.com/log/blog/2026/02/16/linux-cve-assignmen...
I'd start with Greg's own words. You can probably find more on it from Spender/grsecurity's blog.
That doesn't really seem to map onto the situation since Greg himself released a 6.12 with the patch earlier today.
I don't know what you mean at all. I'm just repeating known kernel policy here. What does 6.12 have to do with anything?
What is your interpretation of why Greg KH released a version of 6.12 with this fix in it today, other than to help distributions avoid this vulnerability?
Why would he ever... not release a new version? I don't get what you're trying to say - I'm stating Greg's explicit policy on the topic. If he did something outside of that policy, that wouldn't change anything.