linux-yocto: update CVE exclusions

(From OE-Core rev: e586c9ddc86b6d35c651cecd3be22b3e43306ecf) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-05 05:04:44 +02:00 · 2023-10-23 15:05:53 +01:00 · 2023-10-23 15:05:53 +01:00 · 0f1651a713
commit 0f1651a713
parent eadd4605da
2 changed files with 77 additions and 9 deletions
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@ -1,6 +1,6 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-10-14 12:24:32.747058+00:00 for version 6.1.57
+# Generated at 2023-10-23 14:03:17.479563+00:00 for version 6.1.57

 python check_kernel_cve_status_version() {
    this_version = "6.1.57"
@ -3354,7 +3354,7 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed from version 5.9"

 CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed from version 5.6rc4"

-# CVE-2020-27418 has no known resolution
+CVE_STATUS[CVE-2020-27418] = "fixed-version: Fixed from version 5.6rc5"

 CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed from version 5.10rc1"

@ -4856,7 +4856,7 @@ CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"

 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)

-# CVE-2023-31085 has no known resolution
+CVE_STATUS[CVE-2023-31085] = "cpe-stable-backport: Backported in 6.1.57"

 CVE_STATUS[CVE-2023-3111] = "fixed-version: Fixed from version 6.0rc2"

@ -4936,6 +4936,8 @@ CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29"

 CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.1.44"

+CVE_STATUS[CVE-2023-34324] = "cpe-stable-backport: Backported in 6.1.57"
+
 CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed from version 5.18rc5"

 CVE_STATUS[CVE-2023-35001] = "cpe-stable-backport: Backported in 6.1.39"
@ -5004,6 +5006,16 @@ CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36"

 CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40"

+CVE_STATUS[CVE-2023-39189] = "cpe-stable-backport: Backported in 6.1.54"
+
+# CVE-2023-39191 needs backporting (fixed from 6.3rc1)
+
+CVE_STATUS[CVE-2023-39192] = "cpe-stable-backport: Backported in 6.1.53"
+
+CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53"
+
+CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47"
+
 CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"

 # CVE-2023-4010 has no known resolution
@ -5012,6 +5024,8 @@ CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43"

 CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45"

+# CVE-2023-40791 needs backporting (fixed from 6.5rc6)
+
 CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45"

 CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39"
@ -5032,7 +5046,7 @@ CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45"

 CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45"

-# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.1.56"

 CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45"

@ -5040,8 +5054,12 @@ CVE_STATUS[CVE-2023-42752] = "cpe-stable-backport: Backported in 6.1.53"

 CVE_STATUS[CVE-2023-42753] = "cpe-stable-backport: Backported in 6.1.53"

+CVE_STATUS[CVE-2023-42754] = "cpe-stable-backport: Backported in 6.1.56"
+
 CVE_STATUS[CVE-2023-42755] = "cpe-stable-backport: Backported in 6.1.55"

+CVE_STATUS[CVE-2023-42756] = "fixed-version: only affects 6.4rc6 onwards"
+
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"

 CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
@ -5050,23 +5068,39 @@ CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed from version 5.18rc3"

 CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"

+CVE_STATUS[CVE-2023-44466] = "cpe-stable-backport: Backported in 6.1.40"
+
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"

-# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.1.56"

 CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47"

+CVE_STATUS[CVE-2023-45862] = "cpe-stable-backport: Backported in 6.1.18"
+
+CVE_STATUS[CVE-2023-45863] = "cpe-stable-backport: Backported in 6.1.16"
+
+CVE_STATUS[CVE-2023-45871] = "cpe-stable-backport: Backported in 6.1.53"
+
+# CVE-2023-45898 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4610 has no known resolution
+
 CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards"

 # CVE-2023-4622 needs backporting (fixed from 6.5rc1)

 CVE_STATUS[CVE-2023-4623] = "cpe-stable-backport: Backported in 6.1.53"

+CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1"
+
 CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"

 CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"

 # CVE-2023-5158 has no known resolution

-# CVE-2023-5197 needs backporting (fixed from 6.6rc3)
+CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
+
+CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"

--- a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
@ -1,6 +1,6 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-10-14 12:24:32.683888+00:00 for version 6.5.7
+# Generated at 2023-10-23 14:03:24.529766+00:00 for version 6.5.7

 python check_kernel_cve_status_version() {
    this_version = "6.5.7"
@ -3354,7 +3354,7 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed from version 5.9"

 CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed from version 5.6rc4"

-# CVE-2020-27418 has no known resolution
+CVE_STATUS[CVE-2020-27418] = "fixed-version: Fixed from version 5.6rc5"

 CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed from version 5.10rc1"

@ -4856,7 +4856,7 @@ CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"

 CVE_STATUS[CVE-2023-31084] = "fixed-version: Fixed from version 6.4rc3"

-# CVE-2023-31085 has no known resolution
+# CVE-2023-31085 needs backporting (fixed from 6.6rc5)

 CVE_STATUS[CVE-2023-3111] = "fixed-version: Fixed from version 6.0rc2"

@ -4936,6 +4936,8 @@ CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed from version 6.4rc2"

 CVE_STATUS[CVE-2023-34319] = "fixed-version: Fixed from version 6.5rc6"

+# CVE-2023-34324 needs backporting (fixed from 6.6rc6)
+
 CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed from version 5.18rc5"

 CVE_STATUS[CVE-2023-35001] = "fixed-version: Fixed from version 6.5rc2"
@ -5004,6 +5006,16 @@ CVE_STATUS[CVE-2023-3866] = "fixed-version: Fixed from version 6.4"

 CVE_STATUS[CVE-2023-3867] = "fixed-version: Fixed from version 6.5rc1"

+# CVE-2023-39189 needs backporting (fixed from 6.6rc1)
+
+CVE_STATUS[CVE-2023-39191] = "fixed-version: Fixed from version 6.3rc1"
+
+# CVE-2023-39192 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-39193 needs backporting (fixed from 6.6rc1)
+
+CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7"
+
 CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3"

 # CVE-2023-4010 has no known resolution
@ -5012,6 +5024,8 @@ CVE_STATUS[CVE-2023-4015] = "fixed-version: Fixed from version 6.5rc4"

 CVE_STATUS[CVE-2023-40283] = "fixed-version: Fixed from version 6.5rc1"

+CVE_STATUS[CVE-2023-40791] = "fixed-version: Fixed from version 6.5rc6"
+
 CVE_STATUS[CVE-2023-4128] = "fixed-version: Fixed from version 6.5rc5"

 CVE_STATUS[CVE-2023-4132] = "fixed-version: Fixed from version 6.5rc1"
@ -5040,8 +5054,12 @@ CVE_STATUS[CVE-2023-4273] = "fixed-version: Fixed from version 6.5rc5"

 # CVE-2023-42753 needs backporting (fixed from 6.6rc1)

+# CVE-2023-42754 needs backporting (fixed from 6.6rc3)
+
 CVE_STATUS[CVE-2023-42755] = "fixed-version: Fixed from version 6.3rc1"

+# CVE-2023-42756 needs backporting (fixed from 6.6rc3)
+
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"

 CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed from version 5.18"
@ -5050,18 +5068,32 @@ CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed from version 5.18rc3"

 CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"

+CVE_STATUS[CVE-2023-44466] = "fixed-version: Fixed from version 6.5rc2"
+
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"

 CVE_STATUS[CVE-2023-4563] = "fixed-version: Fixed from version 6.5rc6"

 CVE_STATUS[CVE-2023-4569] = "fixed-version: Fixed from version 6.5rc7"

+CVE_STATUS[CVE-2023-45862] = "fixed-version: Fixed from version 6.3rc1"
+
+CVE_STATUS[CVE-2023-45863] = "fixed-version: Fixed from version 6.3rc1"
+
+# CVE-2023-45871 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-45898 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4610 has no known resolution
+
 CVE_STATUS[CVE-2023-4611] = "fixed-version: Fixed from version 6.5rc4"

 CVE_STATUS[CVE-2023-4622] = "fixed-version: Fixed from version 6.5rc1"

 # CVE-2023-4623 needs backporting (fixed from 6.6rc1)

+CVE_STATUS[CVE-2023-4732] = "fixed-version: Fixed from version 5.14rc1"
+
 # CVE-2023-4881 needs backporting (fixed from 6.6rc1)

 # CVE-2023-4921 needs backporting (fixed from 6.6rc1)
@ -5070,3 +5102,5 @@ CVE_STATUS[CVE-2023-4622] = "fixed-version: Fixed from version 6.5rc1"

 # CVE-2023-5197 needs backporting (fixed from 6.6rc3)

+# CVE-2023-5345 needs backporting (fixed from 6.6rc4)
+