From 24c2877b84bb8de296e40c1b931a474630ccd2db Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Thu, 5 Jun 2025 17:32:19 +0100 Subject: [PATCH] linux-yocto: refresh CVE exclusion list for 6.12.31 (From OE-Core rev: 2b8fb722cd3cbc8f41315b2d88302bcf77bb681b) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 890041f5ed06be1c0a655030af35484d98fe3e7a) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index d33880eae0..199ea019d5 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,11 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-29 10:54:43.823437+00:00 for kernel version 6.12.30 -# From cvelistV5 cve_2025-05-29_1000Z-1-g4f2590b715f +# Generated at 2025-06-05 16:29:20.725105+00:00 for kernel version 6.12.31 +# From cvelistV5 cve_2025-06-05_1600Z python check_kernel_cve_status_version() { - this_version = "6.12.30" + this_version = "6.12.31" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -5054,8 +5054,6 @@ CVE_STATUS[CVE-2023-53023] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53024] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-53025] = "fixed-version: Fixed from version 6.2" - CVE_STATUS[CVE-2023-53026] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53028] = "fixed-version: Fixed from version 6.1.8" @@ -12564,8 +12562,6 @@ CVE_STATUS[CVE-2025-37780] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37781] = "cpe-stable-backport: Backported in 6.12.25" -CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25" - CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25" @@ -12660,8 +12656,6 @@ CVE_STATUS[CVE-2025-37830] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37831] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37832] = "cpe-stable-backport: Backported in 6.12.26" - CVE_STATUS[CVE-2025-37833] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37834] = "cpe-stable-backport: Backported in 6.12.26" @@ -12978,6 +12972,20 @@ CVE_STATUS[CVE-2025-37991] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37992] = "cpe-stable-backport: Backported in 6.12.30" +CVE_STATUS[CVE-2025-37993] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37994] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37995] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37996] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37997] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37998] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37999] = "cpe-stable-backport: Backported in 6.12.29" + CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23" # CVE-2025-38104 needs backporting (fixed from 6.15)