You can also listen to Greg KH explain it: Episode 417 – Linux Kernel security with Greg K-H https://opensourcesecurity.io/2024/02/25/episode-417-linux-k...
The mailing list does look like a treasure trove,
https://lore.kernel.org/linux-cve-announce/
Hundreds of disclosures just in the last month alone.
Title should be How kernel CVE numbers are assigned.
Unrelated: is the HN title editor doing a good enough job to warrant the cost of edits like "Kernel CVE numbers are assigned" (here), which has a completely different meaning than the original "How kernel CVE numbers are assigned"?