linux: update CVE exclusions

(From OE-Core rev: 5f9a2d44ba5f3c24bdee0e31051a9187eb6d6476) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2025-07-19 12:59:02 +02:00 · 2023-09-07 16:30:42 +01:00 · 2023-09-07 16:30:42 +01:00 · 55e36198d2
commit 55e36198d2
parent bb3067825c
2 changed files with 8 additions and 8 deletions
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@ -1,9 +1,9 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-05 05:17:33.070404+00:00 for version 6.1.46
+# Generated at 2023-09-07 15:29:54.983415+00:00 for version 6.1.51

 python check_kernel_cve_status_version() {
-    this_version = "6.1.46"
+    this_version = "6.1.51"
    kernel_version = d.getVar("LINUX_VERSION")
    if kernel_version != this_version:
        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@ -4966,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40"

 # CVE-2023-37454 has no known resolution

-# CVE-2023-3772 needs backporting (fixed from 6.1.47)
+CVE_STATUS[CVE-2023-3772] = "cpe-stable-backport: Backported in 6.1.47"

-# CVE-2023-3773 needs backporting (fixed from 6.1.47)
+CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.1.47"

 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40"

--- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
@ -1,9 +1,9 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-05 05:17:35.599561+00:00 for version 6.4.11
+# Generated at 2023-09-07 15:30:03.897686+00:00 for version 6.4.14

 python check_kernel_cve_status_version() {
-    this_version = "6.4.11"
+    this_version = "6.4.14"
    kernel_version = d.getVar("LINUX_VERSION")
    if kernel_version != this_version:
        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@ -4966,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.4.5"

 # CVE-2023-37454 has no known resolution

-# CVE-2023-3772 needs backporting (fixed from 6.4.12)
+CVE_STATUS[CVE-2023-3772] = "cpe-stable-backport: Backported in 6.4.12"

-# CVE-2023-3773 needs backporting (fixed from 6.4.12)
+CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.4.12"

 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5"