Official CVE definition of vulnerability:
	An instance of one or more weaknesses in a Product that can be
	exploited, causing a negative impact to confidentiality, integrity, or
	availability; a set of conditions or behaviors that allows the
	violation of an explicit or implicit security policy.

Relating to Linux, this means that anything that fixes a weakness or an
unexpected result should be assigned a CVE.