CVEs are not just used by the kernel. They’re allocated by a central numbering authority to prevent numbers from being reused.

If you’ve found a vulnerability, you can request a CVE number.

Various authorities are allowed to hand out numbers, which are then centrally collected again. You can find out more here about this process.