cve-extra-exclusions: ignore inapplicable linux-yocto CVEs

CVEs CVE-2023-0179, CVE-2023-1079 and CVE-2023-1513 are patched in our kernels but appear as active because the NVD database is not up to date. (From OE-Core rev: ae1e7999a06c56c6f752413296b8f6b505475f8b) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Reviewed-by: Frank WOLFF <frank.wolff@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yoann Congal <yoann.congal@smile.fr> 2023-04-06 11:11:08 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-06 14:32:20 +0100
commit: 33e23d49927cc9871abefe3be289b966695d583c (patch)
tree: 2264c5aaf8953351ad8764eb8ed73ffb75f6ffd0
parent: c9f2486c527596a0c2657538a32de3fc3d43fe79 (diff)
download: poky-33e23d49927cc9871abefe3be289b966695d583c.tar.gz
1 files changed, 25 insertions, 0 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 76992c5b46..0b89598501 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -384,6 +384,14 @@ CVE_CHECK_IGNORE += "CVE-2022-42896"
 # 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
+# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
+# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
+# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
+# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
+CVE_CHECK_IGNORE += "CVE-2023-0179"
 # https://nvd.nist.gov/vuln/detail/CVE-2023-0266
 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
 # Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
@@ -442,6 +450,15 @@ CVE_CHECK_IGNORE += "CVE-2023-1077"
 # Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
 CVE_CHECK_IGNORE += "CVE-2023-1078"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
+# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
+# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
+# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
+# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
+# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
+# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
+CVE_CHECK_IGNORE += "CVE-2023-1079"
 # https://nvd.nist.gov/vuln/detail/CVE-2023-1118
 # Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
 # Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
@@ -460,6 +477,14 @@ CVE_CHECK_IGNORE += "CVE-2023-1118"
 # Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
 CVE_CHECK_IGNORE += "CVE-2023-1281"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
+# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
+# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
+# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
+# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
+# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
+CVE_CHECK_IGNORE += "CVE-2023-1513"
 # https://nvd.nist.gov/vuln/detail/CVE-2023-28466
 # Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
 # Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
author	Yoann Congal <yoann.congal@smile.fr>	2023-04-06 11:11:08 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-06 14:32:20 +0100
commit	33e23d49927cc9871abefe3be289b966695d583c (patch)
tree	2264c5aaf8953351ad8764eb8ed73ffb75f6ffd0
parent	c9f2486c527596a0c2657538a32de3fc3d43fe79 (diff)
download	poky-33e23d49927cc9871abefe3be289b966695d583c.tar.gz

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 76992c5b46..0b89598501 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -384,6 +384,14 @@ CVE_CHECK_IGNORE += "CVE-2022-42896"
384		384
385		385
386	# 2023	386	# 2023
		387
		388	# https://nvd.nist.gov/vuln/detail/CVE-2023-0179
		389	# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0
		390	# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
		391	# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
		392	# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
		393	CVE_CHECK_IGNORE += "CVE-2023-0179"
		394
387	# https://nvd.nist.gov/vuln/detail/CVE-2023-0266	395	# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
388	# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2	396	# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
389	# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e	397	# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
@@ -442,6 +450,15 @@ CVE_CHECK_IGNORE += "CVE-2023-1077"
442	# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3	450	# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
443	CVE_CHECK_IGNORE += "CVE-2023-1078"	451	CVE_CHECK_IGNORE += "CVE-2023-1078"
444		452
		453	# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
		454	# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
		455	# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc
		456	# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09
		457	# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
		458	# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
		459	# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
		460	CVE_CHECK_IGNORE += "CVE-2023-1079"
		461
445	# https://nvd.nist.gov/vuln/detail/CVE-2023-1118	462	# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
446	# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6	463	# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
447	# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17	464	# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17
@@ -460,6 +477,14 @@ CVE_CHECK_IGNORE += "CVE-2023-1118"
460	# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f	477	# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
461	CVE_CHECK_IGNORE += "CVE-2023-1281"	478	CVE_CHECK_IGNORE += "CVE-2023-1281"
462		479
		480	# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
		481	# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
		482	# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8
		483	# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
		484	# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
		485	# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
		486	CVE_CHECK_IGNORE += "CVE-2023-1513"
		487
463	# https://nvd.nist.gov/vuln/detail/CVE-2023-28466	488	# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
464	# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218	489	# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
465	# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962	490	# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962