author | Ross Burton <ross.burton@arm.com> | 2023-12-05 13:23:11 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-12-06 22:55:50 +0000 |
commit | 72342e8eea493777dd278558f9b603a826248937 (patch) | |
tree | 70fc6863df03f620dd86f85217348025834a0191 | |
parent | 1cd02effb06fbdb9eb7d8be0a57ef2abeb962563 (diff) | |
linux-yocto: update CVE exclusions
(From OE-Core rev: 34835847442c15ebe12970bc31b6a949e66da48e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 26 | ||||
-rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion_6.5.inc | 22 |
2 files changed, 40 insertions, 8 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 1216e0c2dd..1e366481ff 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc | |||
@@ -1,9 +1,9 @@ | |||
1 | 1 | ||
2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. | 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
3 | # Generated at 2023-11-09 17:12:27.365962+00:00 for version 6.1.61 | 3 | # Generated at 2023-12-05 13:22:34.961692+00:00 for version 6.1.65 |
4 | 4 | ||
5 | python check_kernel_cve_status_version() { | 5 | python check_kernel_cve_status_version() { |
6 | this_version = "6.1.61" | 6 | this_version = "6.1.65" |
7 | kernel_version = d.getVar("LINUX_VERSION") | 7 | kernel_version = d.getVar("LINUX_VERSION") |
8 | if kernel_version != this_version: | 8 | if kernel_version != this_version: |
9 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) | 9 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) |
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" | |||
4524 | 4524 | ||
4525 | # CVE-2022-44033 needs backporting (fixed from 6.4rc1) | 4525 | # CVE-2022-44033 needs backporting (fixed from 6.4rc1) |
4526 | 4526 | ||
4527 | # CVE-2022-44034 has no known resolution | 4527 | # CVE-2022-44034 needs backporting (fixed from 6.4rc1) |
4528 | 4528 | ||
4529 | # CVE-2022-4543 has no known resolution | 4529 | # CVE-2022-4543 has no known resolution |
4530 | 4530 | ||
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53" | |||
5016 | 5016 | ||
5017 | CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" | 5017 | CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" |
5018 | 5018 | ||
5019 | CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39" | ||
5020 | |||
5021 | CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47" | ||
5022 | |||
5019 | CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" | 5023 | CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" |
5020 | 5024 | ||
5021 | # CVE-2023-4010 has no known resolution | 5025 | # CVE-2023-4010 has no known resolution |
@@ -5104,7 +5108,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" | |||
5104 | 5108 | ||
5105 | CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" | 5109 | CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" |
5106 | 5110 | ||
5107 | # CVE-2023-5090 needs backporting (fixed from 6.6rc7) | 5111 | CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" |
5108 | 5112 | ||
5109 | CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" | 5113 | CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" |
5110 | 5114 | ||
@@ -5114,7 +5118,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" | |||
5114 | 5118 | ||
5115 | CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" | 5119 | CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" |
5116 | 5120 | ||
5117 | # CVE-2023-5633 needs backporting (fixed from 6.6rc6) | 5121 | CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" |
5118 | 5122 | ||
5119 | CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" | 5123 | CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" |
5120 | 5124 | ||
5125 | # CVE-2023-5972 needs backporting (fixed from 6.6rc7) | ||
5126 | |||
5127 | # CVE-2023-6039 needs backporting (fixed from 6.5rc5) | ||
5128 | |||
5129 | CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" | ||
5130 | |||
5131 | # CVE-2023-6121 needs backporting (fixed from 6.7rc3) | ||
5132 | |||
5133 | CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" | ||
5134 | |||
5135 | # CVE-2023-6238 has no known resolution | ||
5136 | |||
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc index b4086d436c..6304d80844 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.5.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.5.inc | |||
@@ -1,9 +1,9 @@ | |||
1 | 1 | ||
2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. | 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
3 | # Generated at 2023-11-09 17:13:01.267965+00:00 for version 6.5.10 | 3 | # Generated at 2023-12-05 13:22:43.339114+00:00 for version 6.5.13 |
4 | 4 | ||
5 | python check_kernel_cve_status_version() { | 5 | python check_kernel_cve_status_version() { |
6 | this_version = "6.5.10" | 6 | this_version = "6.5.13" |
7 | kernel_version = d.getVar("LINUX_VERSION") | 7 | kernel_version = d.getVar("LINUX_VERSION") |
8 | if kernel_version != this_version: | 8 | if kernel_version != this_version: |
9 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) | 9 | bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) |
@@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1" | |||
4524 | 4524 | ||
4525 | CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" | 4525 | CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" |
4526 | 4526 | ||
4527 | # CVE-2022-44034 has no known resolution | 4527 | CVE_STATUS[CVE-2022-44034] = "fixed-version: Fixed from version 6.4rc1" |
4528 | 4528 | ||
4529 | # CVE-2022-4543 has no known resolution | 4529 | # CVE-2022-4543 has no known resolution |
4530 | 4530 | ||
@@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.5.3" | |||
5016 | 5016 | ||
5017 | CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7" | 5017 | CVE_STATUS[CVE-2023-39194] = "fixed-version: Fixed from version 6.5rc7" |
5018 | 5018 | ||
5019 | CVE_STATUS[CVE-2023-39197] = "fixed-version: Fixed from version 6.5rc1" | ||
5020 | |||
5021 | CVE_STATUS[CVE-2023-39198] = "fixed-version: Fixed from version 6.5rc7" | ||
5022 | |||
5019 | CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3" | 5023 | CVE_STATUS[CVE-2023-4004] = "fixed-version: Fixed from version 6.5rc3" |
5020 | 5024 | ||
5021 | # CVE-2023-4010 has no known resolution | 5025 | # CVE-2023-4010 has no known resolution |
@@ -5118,3 +5122,15 @@ CVE_STATUS[CVE-2023-5633] = "cpe-stable-backport: Backported in 6.5.8" | |||
5118 | 5122 | ||
5119 | CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.5.9" | 5123 | CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.5.9" |
5120 | 5124 | ||
5125 | CVE_STATUS[CVE-2023-5972] = "cpe-stable-backport: Backported in 6.5.9" | ||
5126 | |||
5127 | CVE_STATUS[CVE-2023-6039] = "fixed-version: Fixed from version 6.5rc5" | ||
5128 | |||
5129 | CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" | ||
5130 | |||
5131 | # CVE-2023-6121 needs backporting (fixed from 6.7rc3) | ||
5132 | |||
5133 | CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.5.4" | ||
5134 | |||
5135 | # CVE-2023-6238 has no known resolution | ||
5136 | |||