summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoss Burton <ross.burton@arm.com>2023-12-05 13:23:11 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-12-06 22:55:50 +0000
commit72342e8eea493777dd278558f9b603a826248937 (patch)
tree70fc6863df03f620dd86f85217348025834a0191
parent1cd02effb06fbdb9eb7d8be0a57ef2abeb962563 (diff)
downloadpoky-72342e8eea493777dd278558f9b603a826248937.tar.gz
linux-yocto: update CVE exclusions
(From OE-Core rev: 34835847442c15ebe12970bc31b6a949e66da48e) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/recipes-kernel/linux/cve-exclusion_6.1.inc26
-rw-r--r--meta/recipes-kernel/linux/cve-exclusion_6.5.inc22
2 files changed, 40 insertions, 8 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 1216e0c2dd..1e366481ff 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
1 1
2# Auto-generated CVE metadata, DO NOT EDIT BY HAND. 2# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3# Generated at 2023-11-09 17:12:27.365962+00:00 for version 6.1.61 3# Generated at 2023-12-05 13:22:34.961692+00:00 for version 6.1.65
4 4
5python check_kernel_cve_status_version() { 5python check_kernel_cve_status_version() {
6 this_version = "6.1.61" 6 this_version = "6.1.65"
7 kernel_version = d.getVar("LINUX_VERSION") 7 kernel_version = d.getVar("LINUX_VERSION")
8 if kernel_version != this_version: 8 if kernel_version != this_version:
9 bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) 9 bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
4524 4524
4525# CVE-2022-44033 needs backporting (fixed from 6.4rc1) 4525# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
4526 4526
4527# CVE-2022-44034 has no known resolution 4527# CVE-2022-44034 needs backporting (fixed from 6.4rc1)
4528 4528
4529# CVE-2022-4543 has no known resolution 4529# CVE-2022-4543 has no known resolution
4530 4530
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53"
5016 5016
5017CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" 5017CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47"
5018 5018
5019CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39"
5020
5021CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47"
5022
5019CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" 5023CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"
5020 5024
5021# CVE-2023-4010 has no known resolution 5025# CVE-2023-4010 has no known resolution
@@ -5104,7 +5108,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
5104 5108
5105CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" 5109CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
5106 5110
5107# CVE-2023-5090 needs backporting (fixed from 6.6rc7) 5111CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
5108 5112
5109CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" 5113CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
5110 5114
@@ -5114,7 +5118,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
5114 5118
5115CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" 5119CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
5116 5120
5117# CVE-2023-5633 needs backporting (fixed from 6.6rc6) 5121CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
5118 5122
5119CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" 5123CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"
5120 5124
5125# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
5126
5127# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
5128
5129CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards"
5130
5131# CVE-2023-6121 needs backporting (fixed from 6.7rc3)
5132
5133CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
5134
5135# CVE-2023-6238 has no known resolution
5136
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
index b4086d436c..6304d80844 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc
@@ -1,9 +1,9 @@
1 1
2# Auto-generated CVE metadata, DO NOT EDIT BY HAND. 2# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3# Generated at 2023-11-09 17:13:01.267965+00:00 for version 6.5.10 3# Generated at 2023-12-05 13:22:43.339114+00:00 for version 6.5.13
4 4
5python check_kernel_cve_status_version() { 5python check_kernel_cve_status_version() {
6 this_version = "6.5.10" 6 this_version = "6.5.13"
7 kernel_version = d.getVar("LINUX_VERSION") 7 kernel_version = d.getVar("LINUX_VERSION")
8 if kernel_version != this_version: 8 if kernel_version != this_version:
9 bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) 9 bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1"
4524 4524
4525CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" 4525CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1"
4526 4526
4527# CVE-2022-44034 has no known resolution 4527CVE_STATUS[CVE-2022-44034] = "fixed-version: Fixed from version 6.4rc1"
4528 4528
4529# CVE-2022-4543 has no known resolution 4529# CVE-2022-4543 has no known resolution
4530 4530
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.5.3"
5016 5016
5017CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7" 5017CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7"
5018 5018
5019CVE_STATUS[CVE-2023-39197] = "fixed-version: Fixed from version 6.5rc1"
5020
5021CVE_STATUS[CVE-2023-39198] = "fixed-version: Fixed from version 6.5rc7"
5022
5019CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3" 5023CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3"
5020 5024
5021# CVE-2023-4010 has no known resolution 5025# CVE-2023-4010 has no known resolution
@@ -5118,3 +5122,15 @@ CVE_STATUS[CVE-2023-5633] = "cpe-stable-backport: Backported in 6.5.8"
5118 5122
5119CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.5.9" 5123CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.5.9"
5120 5124
5125CVE_STATUS[CVE-2023-5972] = "cpe-stable-backport: Backported in 6.5.9"
5126
5127CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5"
5128
5129CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards"
5130
5131# CVE-2023-6121 needs backporting (fixed from 6.7rc3)
5132
5133CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.5.4"
5134
5135# CVE-2023-6238 has no known resolution
5136
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-23 21:22:41 +0000