cve-exclusions_6.1: ignore patched CVE-2022-38457 & CVE-2022-40133

Ignore CVE-2022-38457 & CVE-2022-40133 as they looks patched in our 6.1 branch. I've asked the NVD to add the commit as the patch for these CVEs, but in the meantime, other sources seem to agree that the commit fixes these CVEs (and I concur). (From OE-Core rev: 990d1cbb1628577bd159e8266fa15976f1f17062) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yoann Congal <yoann.congal@smile.fr> 2023-04-06 16:19:22 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-12 14:17:09 +0100
commit: fe76a450eb162ba054c863adddfae72b618edd68 (patch)
tree: aea0371cb8b61f7112765c647f24cf962ecc7ebd
parent: 09bdad16f3a835eaa5b6158a2f8bfb180aa4cde0 (diff)
download: poky-fe76a450eb162ba054c863adddfae72b618edd68.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index ec7ff9c1a7..8b32c2b2df 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -13,3 +13,17 @@ CVE_CHECK_IGNORE += "CVE-2022-3566"
 # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
 CVE_CHECK_IGNORE += "CVE-2022-3567"
+# 2023
+# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
+# Both CVE-2022-38457 & CVE-2022-40133 are fixed by the same commit:
+# Introduced in version v4.20 e14c02e6b6990e9f6ee18a214a22ac26bae1b25e
+# Patched in kernel since v6.2 a309c7194e8a2f8bd4539b9449917913f6c2cd50
+# Backported in version v6.1.7 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a
+# See:
+#  * https://www.linuxkernelcves.com/cves/CVE-2022-38457
+#  * https://www.linuxkernelcves.com/cves/CVE-2022-40133
+#  * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
+CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133"
author	Yoann Congal <yoann.congal@smile.fr>	2023-04-06 16:19:22 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-12 14:17:09 +0100
commit	fe76a450eb162ba054c863adddfae72b618edd68 (patch)
tree	aea0371cb8b61f7112765c647f24cf962ecc7ebd
parent	09bdad16f3a835eaa5b6158a2f8bfb180aa4cde0 (diff)
download	poky-fe76a450eb162ba054c863adddfae72b618edd68.tar.gz

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index ec7ff9c1a7..8b32c2b2df 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -13,3 +13,17 @@ CVE_CHECK_IGNORE += "CVE-2022-3566"
13	# Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6	13	# Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
14	CVE_CHECK_IGNORE += "CVE-2022-3567"	14	CVE_CHECK_IGNORE += "CVE-2022-3567"
15		15
		16
		17	# 2023
		18
		19	# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
		20	# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
		21	# Both CVE-2022-38457 & CVE-2022-40133 are fixed by the same commit:
		22	# Introduced in version v4.20 e14c02e6b6990e9f6ee18a214a22ac26bae1b25e
		23	# Patched in kernel since v6.2 a309c7194e8a2f8bd4539b9449917913f6c2cd50
		24	# Backported in version v6.1.7 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a
		25	# See:
		26	# * https://www.linuxkernelcves.com/cves/CVE-2022-38457
		27	# * https://www.linuxkernelcves.com/cves/CVE-2022-40133
		28	# * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
		29	CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133"