cve-extra-exclusions.inc: Exclude some issues not present in linux-yocto

Exclude some CVEs where the patches were backported to the stable series kernels we have. https://www.linuxkernelcves.com/cves/CVE-XXXX-XXXX is useful to help with this. Reviewed-by: Yoann Congal <yoann.congal@smile.fr> (From OE-Core rev: 33448393493d507c4d81c40e43537065a7b61d4c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-04 17:42:57 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-04 21:55:21 +0100
commit: 9b070654f89e5cf42f8764512deddf66ca63ffe9 (patch)
tree: 2cf5214dc6c4e52b7e96b705530354e8ed3d930f
parent: c097180d439f6514a3225d736e18ee14c759f0a1 (diff)
download: poky-9b070654f89e5cf42f8764512deddf66ca63ffe9.tar.gz
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index a281a8ac65..71e9714c6d 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -381,6 +381,46 @@ CVE_CHECK_IGNORE += "CVE-2023-0266"
 # Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
 CVE_CHECK_IGNORE += "CVE-2023-0394"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
+# Introduced in version 4.13 734942cc4ea6478eed125af258da1bdbb4afe578
+# Patched in kernel v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
+# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
+# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
+CVE_CHECK_IGNORE += "CVE-2023-0461"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
+# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
+# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
+# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
+# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
+CVE_CHECK_IGNORE += "CVE-2023-0386"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
+# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
+# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
+# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
+# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
+# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
+CVE_CHECK_IGNORE += "CVE-2023-1073"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
+# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
+# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
+# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
+CVE_CHECK_IGNORE += "CVE-2023-1074"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
+# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
+# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
+# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
+CVE_CHECK_IGNORE += "CVE-2023-1077"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
+# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
+# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
+# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
+CVE_CHECK_IGNORE += "CVE-2023-1078"
 # Wrong CPE in NVD database
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3563
 # https://nvd.nist.gov/vuln/detail/CVE-2022-3637
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-04 17:42:57 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-04 21:55:21 +0100
commit	9b070654f89e5cf42f8764512deddf66ca63ffe9 (patch)
tree	2cf5214dc6c4e52b7e96b705530354e8ed3d930f
parent	c097180d439f6514a3225d736e18ee14c759f0a1 (diff)
download	poky-9b070654f89e5cf42f8764512deddf66ca63ffe9.tar.gz

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index a281a8ac65..71e9714c6d 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -381,6 +381,46 @@ CVE_CHECK_IGNORE += "CVE-2023-0266"
381	# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4	381	# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
382	CVE_CHECK_IGNORE += "CVE-2023-0394"	382	CVE_CHECK_IGNORE += "CVE-2023-0394"
383		383
		384	# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
		385	# Introduced in version 4.13 734942cc4ea6478eed125af258da1bdbb4afe578
		386	# Patched in kernel v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c
		387	# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
		388	# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
		389	CVE_CHECK_IGNORE += "CVE-2023-0461"
		390
		391	# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
		392	# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
		393	# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
		394	# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
		395	# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
		396	CVE_CHECK_IGNORE += "CVE-2023-0386"
		397
		398	# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
		399	# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
		400	# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456
		401	# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
		402	# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
		403	# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
		404	CVE_CHECK_IGNORE += "CVE-2023-1073"
		405
		406	# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
		407	# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
		408	# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
		409	# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
		410	CVE_CHECK_IGNORE += "CVE-2023-1074"
		411
		412	# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
		413	# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
		414	# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
		415	# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
		416	CVE_CHECK_IGNORE += "CVE-2023-1077"
		417
		418	# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
		419	# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
		420	# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
		421	# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
		422	CVE_CHECK_IGNORE += "CVE-2023-1078"
		423
384	# Wrong CPE in NVD database	424	# Wrong CPE in NVD database
385	# https://nvd.nist.gov/vuln/detail/CVE-2022-3563	425	# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
386	# https://nvd.nist.gov/vuln/detail/CVE-2022-3637	426	# https://nvd.nist.gov/vuln/detail/CVE-2022-3637