diff options
| author | Ross Burton <ross.burton@arm.com> | 2023-09-04 13:36:31 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-05 08:09:13 +0100 |
| commit | e42e2cfc12724b26fe77c8b314895173b5b52e73 (patch) | |
| tree | ab8cded9f0b1c20cb7b1e54df3d1f55d4dd9c4ac | |
| parent | 7837dcdb44346d9ff58724a530a1be9e35e93a54 (diff) | |
| download | poky-e42e2cfc12724b26fe77c8b314895173b5b52e73.tar.gz | |
linux-yocto: update kernel CVE status
Handles the following CVEs:
6.1:
- CVE-2022-4098
- CVE-2023-0160
- CVE-2023-20569
- CVE-2023-20588
- CVE-2023-33250
- CVE-2023-34319
- CVE-2023-40283
- CVE-2023-4128
- CVE-2023-4155
- CVE-2023-4194
- CVE-2023-4273
- CVE-2023-4385
- CVE-2023-4387
- CVE-2023-4389
6.4:
- CVE-2022-40982
- CVE-2023-0160
- CVE-2023-20569
- CVE-2023-20588
- CVE-2023-33250
- CVE-2023-34319
- CVE-2023-40283
- CVE-2023-4128
- CVE-2023-4155
- CVE-2023-4194
- CVE-2023-4273
- CVE-2023-4385
- CVE-2023-4387
- CVE-2023-4389
- CVE-2023-4394
- CVE-2023-4459
(From OE-Core rev: 2020aee444868742590f44d149d11565fc9f58c4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 40 | ||||
| -rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion_6.4.inc | 40 |
2 files changed, 54 insertions, 26 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index ce3a534cf3..b6d733f9bb 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | 1 | ||
| 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. | 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
| 3 | # Generated at 2023-08-25 12:42:35.329668 for version 6.1.46" | 3 | # Generated at 2023-09-04 13:17:06.462373 for version 6.1.46 |
| 4 | 4 | ||
| 5 | python check_kernel_cve_status_version() { | 5 | python check_kernel_cve_status_version() { |
| 6 | this_version = "6.1.46" | 6 | this_version = "6.1.46" |
| @@ -3354,6 +3354,8 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed after version 5.9" | |||
| 3354 | 3354 | ||
| 3355 | CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4" | 3355 | CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4" |
| 3356 | 3356 | ||
| 3357 | # CVE-2020-27418 has no known resolution | ||
| 3358 | |||
| 3357 | CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1" | 3359 | CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1" |
| 3358 | 3360 | ||
| 3359 | CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1" | 3361 | CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1" |
| @@ -4460,7 +4462,7 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1" | |||
| 4460 | 4462 | ||
| 4461 | CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" | 4463 | CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" |
| 4462 | 4464 | ||
| 4463 | # CVE-2022-40982 has no known resolution | 4465 | CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.1.44" |
| 4464 | 4466 | ||
| 4465 | CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4" | 4467 | CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4" |
| 4466 | 4468 | ||
| @@ -4588,7 +4590,7 @@ CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed after version 5.16rc1" | |||
| 4588 | 4590 | ||
| 4589 | CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4" | 4591 | CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4" |
| 4590 | 4592 | ||
| 4591 | # CVE-2023-0160 has no known resolution | 4593 | CVE_STATUS[CVE-2023-0160] = "cpe-stable-backport: Backported in 6.1.28" |
| 4592 | 4594 | ||
| 4593 | CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in 6.1.7" | 4595 | CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in 6.1.7" |
| 4594 | 4596 | ||
| @@ -4702,9 +4704,9 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4" | |||
| 4702 | 4704 | ||
| 4703 | CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" | 4705 | CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" |
| 4704 | 4706 | ||
| 4705 | # CVE-2023-20569 has no known resolution | 4707 | CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.1.44" |
| 4706 | 4708 | ||
| 4707 | # CVE-2023-20588 has no known resolution | 4709 | CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.1.45" |
| 4708 | 4710 | ||
| 4709 | CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41" | 4711 | CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41" |
| 4710 | 4712 | ||
| @@ -4900,7 +4902,7 @@ CVE_STATUS[CVE-2023-3317] = "fixed-version: only affects 6.2rc1 onwards" | |||
| 4900 | 4902 | ||
| 4901 | CVE_STATUS[CVE-2023-33203] = "cpe-stable-backport: Backported in 6.1.22" | 4903 | CVE_STATUS[CVE-2023-33203] = "cpe-stable-backport: Backported in 6.1.22" |
| 4902 | 4904 | ||
| 4903 | # CVE-2023-33250 has no known resolution | 4905 | CVE_STATUS[CVE-2023-33250] = "fixed-version: only affects 6.2rc1 onwards" |
| 4904 | 4906 | ||
| 4905 | CVE_STATUS[CVE-2023-33288] = "cpe-stable-backport: Backported in 6.1.22" | 4907 | CVE_STATUS[CVE-2023-33288] = "cpe-stable-backport: Backported in 6.1.22" |
| 4906 | 4908 | ||
| @@ -4928,7 +4930,7 @@ CVE_STATUS[CVE-2023-34255] = "cpe-stable-backport: Backported in 6.1.33" | |||
| 4928 | 4930 | ||
| 4929 | CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29" | 4931 | CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29" |
| 4930 | 4932 | ||
| 4931 | # CVE-2023-34319 has no known resolution | 4933 | CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.1.44" |
| 4932 | 4934 | ||
| 4933 | CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" | 4935 | CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" |
| 4934 | 4936 | ||
| @@ -4964,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40" | |||
| 4964 | 4966 | ||
| 4965 | # CVE-2023-37454 has no known resolution | 4967 | # CVE-2023-37454 has no known resolution |
| 4966 | 4968 | ||
| 4967 | # CVE-2023-3772 has no known resolution | 4969 | # CVE-2023-3772 needs backporting (fixed from 6.1.47) |
| 4968 | 4970 | ||
| 4969 | # CVE-2023-3773 has no known resolution | 4971 | # CVE-2023-3773 needs backporting (fixed from 6.1.47) |
| 4970 | 4972 | ||
| 4971 | CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40" | 4973 | CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40" |
| 4972 | 4974 | ||
| @@ -4994,7 +4996,9 @@ CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" | |||
| 4994 | 4996 | ||
| 4995 | # CVE-2023-4010 has no known resolution | 4997 | # CVE-2023-4010 has no known resolution |
| 4996 | 4998 | ||
| 4997 | # CVE-2023-4128 needs backporting (fixed from 6.5rc5) | 4999 | CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45" |
| 5000 | |||
| 5001 | CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45" | ||
| 4998 | 5002 | ||
| 4999 | CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39" | 5003 | CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39" |
| 5000 | 5004 | ||
| @@ -5004,9 +5008,19 @@ CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39" | |||
| 5004 | 5008 | ||
| 5005 | CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43" | 5009 | CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43" |
| 5006 | 5010 | ||
| 5007 | # CVE-2023-4155 has no known resolution | 5011 | CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46" |
| 5012 | |||
| 5013 | CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards" | ||
| 5014 | |||
| 5015 | CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45" | ||
| 5016 | |||
| 5017 | CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed after version 5.19rc1" | ||
| 5018 | |||
| 5019 | CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed after version 5.18" | ||
| 5020 | |||
| 5021 | CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed after version 5.18rc3" | ||
| 5008 | 5022 | ||
| 5009 | # CVE-2023-4194 needs backporting (fixed from 6.5rc5) | 5023 | CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed after version 6.0rc3" |
| 5010 | 5024 | ||
| 5011 | # CVE-2023-4273 needs backporting (fixed from 6.5rc5) | 5025 | CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed after version 5.18" |
| 5012 | 5026 | ||
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc index 63f0760b2d..c17ac91efb 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | 1 | ||
| 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. | 2 | # Auto-generated CVE metadata, DO NOT EDIT BY HAND. |
| 3 | # Generated at 2023-08-25 12:42:28.369507 for version 6.4.11" | 3 | # Generated at 2023-09-04 13:17:16.330789 for version 6.4.11 |
| 4 | 4 | ||
| 5 | python check_kernel_cve_status_version() { | 5 | python check_kernel_cve_status_version() { |
| 6 | this_version = "6.4.11" | 6 | this_version = "6.4.11" |
| @@ -3354,6 +3354,8 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed after version 5.9" | |||
| 3354 | 3354 | ||
| 3355 | CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4" | 3355 | CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4" |
| 3356 | 3356 | ||
| 3357 | # CVE-2020-27418 has no known resolution | ||
| 3358 | |||
| 3357 | CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1" | 3359 | CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1" |
| 3358 | 3360 | ||
| 3359 | CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1" | 3361 | CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1" |
| @@ -4460,7 +4462,7 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1" | |||
| 4460 | 4462 | ||
| 4461 | CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" | 4463 | CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" |
| 4462 | 4464 | ||
| 4463 | # CVE-2022-40982 has no known resolution | 4465 | CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.4.9" |
| 4464 | 4466 | ||
| 4465 | CVE_STATUS[CVE-2022-41218] = "fixed-version: Fixed after version 6.2rc1" | 4467 | CVE_STATUS[CVE-2022-41218] = "fixed-version: Fixed after version 6.2rc1" |
| 4466 | 4468 | ||
| @@ -4588,7 +4590,7 @@ CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed after version 5.16rc1" | |||
| 4588 | 4590 | ||
| 4589 | CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4" | 4591 | CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4" |
| 4590 | 4592 | ||
| 4591 | # CVE-2023-0160 has no known resolution | 4593 | CVE_STATUS[CVE-2023-0160] = "fixed-version: Fixed after version 6.4rc1" |
| 4592 | 4594 | ||
| 4593 | CVE_STATUS[CVE-2023-0179] = "fixed-version: Fixed after version 6.2rc5" | 4595 | CVE_STATUS[CVE-2023-0179] = "fixed-version: Fixed after version 6.2rc5" |
| 4594 | 4596 | ||
| @@ -4702,9 +4704,9 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4" | |||
| 4702 | 4704 | ||
| 4703 | CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" | 4705 | CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" |
| 4704 | 4706 | ||
| 4705 | # CVE-2023-20569 has no known resolution | 4707 | CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.4.9" |
| 4706 | 4708 | ||
| 4707 | # CVE-2023-20588 has no known resolution | 4709 | CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.4.10" |
| 4708 | 4710 | ||
| 4709 | CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.4.6" | 4711 | CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.4.6" |
| 4710 | 4712 | ||
| @@ -4900,7 +4902,7 @@ CVE_STATUS[CVE-2023-3317] = "fixed-version: Fixed after version 6.3rc6" | |||
| 4900 | 4902 | ||
| 4901 | CVE_STATUS[CVE-2023-33203] = "fixed-version: Fixed after version 6.3rc4" | 4903 | CVE_STATUS[CVE-2023-33203] = "fixed-version: Fixed after version 6.3rc4" |
| 4902 | 4904 | ||
| 4903 | # CVE-2023-33250 has no known resolution | 4905 | CVE_STATUS[CVE-2023-33250] = "cpe-stable-backport: Backported in 6.4.4" |
| 4904 | 4906 | ||
| 4905 | CVE_STATUS[CVE-2023-33288] = "fixed-version: Fixed after version 6.3rc4" | 4907 | CVE_STATUS[CVE-2023-33288] = "fixed-version: Fixed after version 6.3rc4" |
| 4906 | 4908 | ||
| @@ -4928,7 +4930,7 @@ CVE_STATUS[CVE-2023-34255] = "fixed-version: Fixed after version 6.4rc1" | |||
| 4928 | 4930 | ||
| 4929 | CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed after version 6.4rc2" | 4931 | CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed after version 6.4rc2" |
| 4930 | 4932 | ||
| 4931 | # CVE-2023-34319 has no known resolution | 4933 | CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.4.9" |
| 4932 | 4934 | ||
| 4933 | CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" | 4935 | CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" |
| 4934 | 4936 | ||
| @@ -4964,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.4.5" | |||
| 4964 | 4966 | ||
| 4965 | # CVE-2023-37454 has no known resolution | 4967 | # CVE-2023-37454 has no known resolution |
| 4966 | 4968 | ||
| 4967 | # CVE-2023-3772 has no known resolution | 4969 | # CVE-2023-3772 needs backporting (fixed from 6.4.12) |
| 4968 | 4970 | ||
| 4969 | # CVE-2023-3773 has no known resolution | 4971 | # CVE-2023-3773 needs backporting (fixed from 6.4.12) |
| 4970 | 4972 | ||
| 4971 | CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5" | 4973 | CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5" |
| 4972 | 4974 | ||
| @@ -4994,7 +4996,9 @@ CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7" | |||
| 4994 | 4996 | ||
| 4995 | # CVE-2023-4010 has no known resolution | 4997 | # CVE-2023-4010 has no known resolution |
| 4996 | 4998 | ||
| 4997 | # CVE-2023-4128 needs backporting (fixed from 6.5rc5) | 4999 | CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.4.10" |
| 5000 | |||
| 5001 | CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.4.10" | ||
| 4998 | 5002 | ||
| 4999 | CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.4.4" | 5003 | CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.4.4" |
| 5000 | 5004 | ||
| @@ -5004,9 +5008,19 @@ CVE_STATUS[CVE-2023-4134] = "cpe-stable-backport: Backported in 6.4.4" | |||
| 5004 | 5008 | ||
| 5005 | CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.4.8" | 5009 | CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.4.8" |
| 5006 | 5010 | ||
| 5007 | # CVE-2023-4155 has no known resolution | 5011 | CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.4.11" |
| 5012 | |||
| 5013 | CVE_STATUS[CVE-2023-4194] = "cpe-stable-backport: Backported in 6.4.10" | ||
| 5014 | |||
| 5015 | CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10" | ||
| 5016 | |||
| 5017 | CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed after version 5.19rc1" | ||
| 5018 | |||
| 5019 | CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed after version 5.18" | ||
| 5020 | |||
| 5021 | CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed after version 5.18rc3" | ||
| 5008 | 5022 | ||
| 5009 | # CVE-2023-4194 needs backporting (fixed from 6.5rc5) | 5023 | CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed after version 6.0rc3" |
| 5010 | 5024 | ||
| 5011 | # CVE-2023-4273 needs backporting (fixed from 6.5rc5) | 5025 | CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed after version 5.18" |
| 5012 | 5026 | ||