mirror of
git://git.yoctoproject.org/poky.git
synced 2025-07-04 20:54:45 +02:00
5dff1c40db
Adding postprocessing script to process data from linux CNA that includes more accurate metadata and it is updated directly by the source.
Example of enhanced CVE from a report from cve-check:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"summary": "In the Linux kernel, the following vulnerability [...]",
"scorev2": "0.0",
"scorev3": "5.5",
"scorev4": "0.0",
"modified": "2025-03-17T15:36:11.620",
"vector": "LOCAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
And same from a report generated with vex:
{
"id": "CVE-2024-26710",
"status": "Ignored",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2024-26710",
"detail": "not-applicable-config",
"description": "Source code not compiled by config. ['arch/powerpc/include/asm/thread_info.h']"
},
For unpatched CVEs, provide more context in the description:
Tested with 6.12.22 kernel
{
"id": "CVE-2025-39728",
"status": "Unpatched",
"link": "https://nvd.nist.gov/vuln/detail/CVE-2025-39728",
"summary": "In the Linux kernel, the following vulnerability has been [...],
"scorev2": "0.0",
"scorev3": "0.0",
"scorev4": "0.0",
"modified": "2025-04-21T14:23:45.950",
"vector": "UNKNOWN",
"vectorString": "UNKNOWN",
"detail": "version-in-range",
"description": "Needs backporting (fixed from 6.12.23)"
},
CC: Peter Marko <peter.marko@siemens.com>
CC: Marta Rybczynska <rybczynska@gmail.com>
(From OE-Core rev: e60b1759c1aea5b8f5317e46608f0a3e782ecf57)
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
||
|---|---|---|
| .. | ||
| bb-perf | ||
| oe-image-files-spdx | ||
| bbvars.py | ||
| build-perf-test-wrapper.sh | ||
| convert-overrides.py | ||
| convert-spdx-licenses.py | ||
| convert-srcuri.py | ||
| convert-variable-renames.py | ||
| ddimage | ||
| devtool-stress.py | ||
| dialog-power-control | ||
| documentation-audit.sh | ||
| graph-tool | ||
| image-manifest | ||
| improve_kernel_cve_report.py | ||
| list-packageconfig-flags.py | ||
| make-spdx-bindings.sh | ||
| oe-build-perf-report-email.py | ||
| patchreview.py | ||
| patchtest.sh | ||
| serdevtry | ||
| test_build_time_worker.sh | ||
| test_build_time.sh | ||
| uncovered | ||
| verify-homepage.py | ||