linux-yocto/6.1: update CVE exclusions

Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 27Dec23 Date: Wed, 27 Dec 2023 19:47:13 -0500 ] (From OE-Core rev: b303a7dd260ad3f6a9e6f1b8099b86efcc8373a9) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-01-03 16:24:21 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-01-04 23:47:51 +0000
commit: 2a99029835fbd19d7995faedd0da6bb69b53dbf4 (patch)
tree: d99da393159651d0444f834229f472b527fa9236 /meta/recipes-kernel
parent: 10075b25626b6dedd81639b868a1949e2cddea4e (diff)
download: poky-2a99029835fbd19d7995faedd0da6bb69b53dbf4.tar.gz
1 files changed, 39 insertions, 3 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 3cf11d6daf..8d345831d3 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68
+# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70
 python check_kernel_cve_status_version() {
-    this_version = "6.1.68"
+    this_version = "6.1.70"
    kernel_version = d.getVar("LINUX_VERSION")
    if kernel_version != this_version:
        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5108,12 +5108,22 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
 CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
+# CVE-2023-50431 has no known resolution
 CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
 CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
+# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
 CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"
+CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69"
+CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69"
+CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69"
 CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
 CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
@@ -5122,7 +5132,7 @@ CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
 CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"
-# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
+CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards"
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
@@ -5134,3 +5144,29 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
 # CVE-2023-6238 has no known resolution
+# CVE-2023-6356 has no known resolution
+# CVE-2023-6535 has no known resolution
+# CVE-2023-6536 has no known resolution
+CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47"
+# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
+# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
+# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
+CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68"
+# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
+CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68"
+CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68"
+CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66"
+# CVE-2023-7042 has no known resolution
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-01-03 16:24:21 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-01-04 23:47:51 +0000
commit	2a99029835fbd19d7995faedd0da6bb69b53dbf4 (patch)
tree	d99da393159651d0444f834229f472b527fa9236 /meta/recipes-kernel
parent	10075b25626b6dedd81639b868a1949e2cddea4e (diff)
download	poky-2a99029835fbd19d7995faedd0da6bb69b53dbf4.tar.gz

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 3cf11d6daf..8d345831d3 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
1		1
2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.	2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3	# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68	3	# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70
4		4
5	python check_kernel_cve_status_version() {	5	python check_kernel_cve_status_version() {
6	this_version = "6.1.68"	6	this_version = "6.1.70"
7	kernel_version = d.getVar("LINUX_VERSION")	7	kernel_version = d.getVar("LINUX_VERSION")
8	if kernel_version != this_version:	8	if kernel_version != this_version:
9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))	9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5108,12 +5108,22 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
5108		5108
5109	CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"	5109	CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
5110		5110
		5111	# CVE-2023-50431 has no known resolution
		5112
5111	CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"	5113	CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
5112		5114
5113	CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"	5115	CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
5114		5116
		5117	# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
		5118
5115	CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"	5119	CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"
5116		5120
		5121	CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69"
		5122
		5123	CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69"
		5124
		5125	CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69"
		5126
5117	CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"	5127	CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
5118		5128
5119	CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"	5129	CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
@@ -5122,7 +5132,7 @@ CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
5122		5132
5123	CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"	5133	CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"
5124		5134
5125	# CVE-2023-5972 needs backporting (fixed from 6.6rc7)	5135	CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards"
5126		5136
5127	# CVE-2023-6039 needs backporting (fixed from 6.5rc5)	5137	# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
5128		5138
@@ -5134,3 +5144,29 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
5134		5144
5135	# CVE-2023-6238 has no known resolution	5145	# CVE-2023-6238 has no known resolution
5136		5146
		5147	# CVE-2023-6356 has no known resolution
		5148
		5149	# CVE-2023-6535 has no known resolution
		5150
		5151	# CVE-2023-6536 has no known resolution
		5152
		5153	CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47"
		5154
		5155	# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
		5156
		5157	# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
		5158
		5159	# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
		5160
		5161	CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68"
		5162
		5163	# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
		5164
		5165	CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68"
		5166
		5167	CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68"
		5168
		5169	CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66"
		5170
		5171	# CVE-2023-7042 has no known resolution
		5172