linux-yocto/6.6: update CVE exclusions

Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 25Feb24 Date: Sun, 25 Feb 2024 07:03:08 -0500 ] (From OE-Core rev: efa1420085d1671c7e3c9daa1949b36cf1822ed1) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-02-26 17:34:53 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-02-27 14:31:36 +0000
commit: 4945ca640b893c2251ace915edaa722886fac93f (patch)
tree: 7eff3cff0bb19bf98af5226a7d2417faa50943ab /meta/recipes-kernel
parent: f1da2426401ad0aceab9660b5a935decb4d37837 (diff)
download: poky-4945ca640b893c2251ace915edaa722886fac93f.tar.gz
1 files changed, 118 insertions, 6 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
index 0274496da3..723a588429 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
@@ -1,9 +1,9 @@
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-02-21 00:38:40.167585+00:00 for version 6.6.17
+# Generated at 2024-02-26 20:14:05.493685+00:00 for version 6.6.18
 python check_kernel_cve_status_version() {
-    this_version = "6.6.17"
+    this_version = "6.6.18"
    kernel_version = d.getVar("LINUX_VERSION")
    if kernel_version != this_version:
        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5144,6 +5144,70 @@ CVE_STATUS[CVE-2023-5197] = "fixed-version: Fixed from version 6.6rc3"
 CVE_STATUS[CVE-2023-52340] = "fixed-version: Fixed from version 6.3rc1"
+CVE_STATUS[CVE-2023-52429] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2023-52433] = "fixed-version: Fixed from version 6.6rc1"
+CVE_STATUS[CVE-2023-52434] = "cpe-stable-backport: Backported in 6.6.8"
+CVE_STATUS[CVE-2023-52435] = "cpe-stable-backport: Backported in 6.6.11"
+CVE_STATUS[CVE-2023-52436] = "cpe-stable-backport: Backported in 6.6.13"
+CVE_STATUS[CVE-2023-52438] = "cpe-stable-backport: Backported in 6.6.13"
+CVE_STATUS[CVE-2023-52439] = "cpe-stable-backport: Backported in 6.6.13"
+CVE_STATUS[CVE-2023-52440] = "fixed-version: Fixed from version 6.6rc1"
+CVE_STATUS[CVE-2023-52441] = "fixed-version: Fixed from version 6.5rc4"
+CVE_STATUS[CVE-2023-52442] = "fixed-version: Fixed from version 6.5rc4"
+CVE_STATUS[CVE-2023-52443] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52444] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52445] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52446] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52447] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52448] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52449] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52450] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52451] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52452] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52453] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52454] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52455] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52456] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52457] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52458] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52459] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52460] = "fixed-version: only affects 6.7rc1 onwards"
+CVE_STATUS[CVE-2023-52461] = "fixed-version: only affects 6.7rc1 onwards"
+CVE_STATUS[CVE-2023-52462] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52463] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2023-52464] = "cpe-stable-backport: Backported in 6.6.14"
 CVE_STATUS[CVE-2023-5345] = "fixed-version: Fixed from version 6.6rc4"
 CVE_STATUS[CVE-2023-5633] = "fixed-version: Fixed from version 6.6rc6"
@@ -5234,6 +5298,8 @@ CVE_STATUS[CVE-2024-1085] = "cpe-stable-backport: Backported in 6.6.14"
 CVE_STATUS[CVE-2024-1086] = "cpe-stable-backport: Backported in 6.6.15"
+CVE_STATUS[CVE-2024-1151] = "cpe-stable-backport: Backported in 6.6.18"
 CVE_STATUS[CVE-2024-1312] = "fixed-version: Fixed from version 6.5rc4"
 # CVE-2024-21803 has no known resolution
@@ -5252,11 +5318,11 @@ CVE_STATUS[CVE-2024-22705] = "cpe-stable-backport: Backported in 6.6.10"
 CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
-# CVE-2024-23850 has no known resolution
+CVE_STATUS[CVE-2024-23850] = "cpe-stable-backport: Backported in 6.6.18"
-# CVE-2024-23851 has no known resolution
+CVE_STATUS[CVE-2024-23851] = "cpe-stable-backport: Backported in 6.6.18"
-# CVE-2024-24855 has no known resolution
+CVE_STATUS[CVE-2024-24855] = "fixed-version: Fixed from version 6.5rc2"
 # CVE-2024-24857 has no known resolution
@@ -5264,9 +5330,55 @@ CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
 # CVE-2024-24859 has no known resolution
-# CVE-2024-24860 has no known resolution
+CVE_STATUS[CVE-2024-24860] = "cpe-stable-backport: Backported in 6.6.14"
 # CVE-2024-24861 has no known resolution
 # CVE-2024-24864 has no known resolution
+# CVE-2024-25739 has no known resolution
+# CVE-2024-25740 has no known resolution
+# CVE-2024-25741 has no known resolution
+CVE_STATUS[CVE-2024-25744] = "cpe-stable-backport: Backported in 6.6.7"
+CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17"
+CVE_STATUS[CVE-2024-26582] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2024-26583] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2024-26584] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2024-26585] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2024-26586] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26587] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26588] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26589] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26590] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26591] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26592] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26593] = "cpe-stable-backport: Backported in 6.6.18"
+CVE_STATUS[CVE-2024-26594] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26595] = "cpe-stable-backport: Backported in 6.6.14"
+# CVE-2024-26596 needs backporting (fixed from 6.8rc1)
+CVE_STATUS[CVE-2024-26597] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26598] = "cpe-stable-backport: Backported in 6.6.14"
+CVE_STATUS[CVE-2024-26599] = "cpe-stable-backport: Backported in 6.6.14"
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-02-26 17:34:53 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-02-27 14:31:36 +0000
commit	4945ca640b893c2251ace915edaa722886fac93f (patch)
tree	7eff3cff0bb19bf98af5226a7d2417faa50943ab /meta/recipes-kernel
parent	f1da2426401ad0aceab9660b5a935decb4d37837 (diff)
download	poky-4945ca640b893c2251ace915edaa722886fac93f.tar.gz

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index 0274496da3..723a588429 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc
@@ -1,9 +1,9 @@
1		1
2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.	2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3	# Generated at 2024-02-21 00:38:40.167585+00:00 for version 6.6.17	3	# Generated at 2024-02-26 20:14:05.493685+00:00 for version 6.6.18
4		4
5	python check_kernel_cve_status_version() {	5	python check_kernel_cve_status_version() {
6	this_version = "6.6.17"	6	this_version = "6.6.18"
7	kernel_version = d.getVar("LINUX_VERSION")	7	kernel_version = d.getVar("LINUX_VERSION")
8	if kernel_version != this_version:	8	if kernel_version != this_version:
9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))	9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5144,6 +5144,70 @@ CVE_STATUS[CVE-2023-5197] = "fixed-version: Fixed from version 6.6rc3"
5144		5144
5145	CVE_STATUS[CVE-2023-52340] = "fixed-version: Fixed from version 6.3rc1"	5145	CVE_STATUS[CVE-2023-52340] = "fixed-version: Fixed from version 6.3rc1"
5146		5146
		5147	CVE_STATUS[CVE-2023-52429] = "cpe-stable-backport: Backported in 6.6.18"
		5148
		5149	CVE_STATUS[CVE-2023-52433] = "fixed-version: Fixed from version 6.6rc1"
		5150
		5151	CVE_STATUS[CVE-2023-52434] = "cpe-stable-backport: Backported in 6.6.8"
		5152
		5153	CVE_STATUS[CVE-2023-52435] = "cpe-stable-backport: Backported in 6.6.11"
		5154
		5155	CVE_STATUS[CVE-2023-52436] = "cpe-stable-backport: Backported in 6.6.13"
		5156
		5157	CVE_STATUS[CVE-2023-52438] = "cpe-stable-backport: Backported in 6.6.13"
		5158
		5159	CVE_STATUS[CVE-2023-52439] = "cpe-stable-backport: Backported in 6.6.13"
		5160
		5161	CVE_STATUS[CVE-2023-52440] = "fixed-version: Fixed from version 6.6rc1"
		5162
		5163	CVE_STATUS[CVE-2023-52441] = "fixed-version: Fixed from version 6.5rc4"
		5164
		5165	CVE_STATUS[CVE-2023-52442] = "fixed-version: Fixed from version 6.5rc4"
		5166
		5167	CVE_STATUS[CVE-2023-52443] = "cpe-stable-backport: Backported in 6.6.14"
		5168
		5169	CVE_STATUS[CVE-2023-52444] = "cpe-stable-backport: Backported in 6.6.14"
		5170
		5171	CVE_STATUS[CVE-2023-52445] = "cpe-stable-backport: Backported in 6.6.14"
		5172
		5173	CVE_STATUS[CVE-2023-52446] = "cpe-stable-backport: Backported in 6.6.14"
		5174
		5175	CVE_STATUS[CVE-2023-52447] = "cpe-stable-backport: Backported in 6.6.14"
		5176
		5177	CVE_STATUS[CVE-2023-52448] = "cpe-stable-backport: Backported in 6.6.14"
		5178
		5179	CVE_STATUS[CVE-2023-52449] = "cpe-stable-backport: Backported in 6.6.14"
		5180
		5181	CVE_STATUS[CVE-2023-52450] = "cpe-stable-backport: Backported in 6.6.14"
		5182
		5183	CVE_STATUS[CVE-2023-52451] = "cpe-stable-backport: Backported in 6.6.14"
		5184
		5185	CVE_STATUS[CVE-2023-52452] = "cpe-stable-backport: Backported in 6.6.14"
		5186
		5187	CVE_STATUS[CVE-2023-52453] = "cpe-stable-backport: Backported in 6.6.14"
		5188
		5189	CVE_STATUS[CVE-2023-52454] = "cpe-stable-backport: Backported in 6.6.14"
		5190
		5191	CVE_STATUS[CVE-2023-52455] = "cpe-stable-backport: Backported in 6.6.14"
		5192
		5193	CVE_STATUS[CVE-2023-52456] = "cpe-stable-backport: Backported in 6.6.14"
		5194
		5195	CVE_STATUS[CVE-2023-52457] = "cpe-stable-backport: Backported in 6.6.14"
		5196
		5197	CVE_STATUS[CVE-2023-52458] = "cpe-stable-backport: Backported in 6.6.14"
		5198
		5199	CVE_STATUS[CVE-2023-52459] = "cpe-stable-backport: Backported in 6.6.14"
		5200
		5201	CVE_STATUS[CVE-2023-52460] = "fixed-version: only affects 6.7rc1 onwards"
		5202
		5203	CVE_STATUS[CVE-2023-52461] = "fixed-version: only affects 6.7rc1 onwards"
		5204
		5205	CVE_STATUS[CVE-2023-52462] = "cpe-stable-backport: Backported in 6.6.14"
		5206
		5207	CVE_STATUS[CVE-2023-52463] = "cpe-stable-backport: Backported in 6.6.14"
		5208
		5209	CVE_STATUS[CVE-2023-52464] = "cpe-stable-backport: Backported in 6.6.14"
		5210
5147	CVE_STATUS[CVE-2023-5345] = "fixed-version: Fixed from version 6.6rc4"	5211	CVE_STATUS[CVE-2023-5345] = "fixed-version: Fixed from version 6.6rc4"
5148		5212
5149	CVE_STATUS[CVE-2023-5633] = "fixed-version: Fixed from version 6.6rc6"	5213	CVE_STATUS[CVE-2023-5633] = "fixed-version: Fixed from version 6.6rc6"
@@ -5234,6 +5298,8 @@ CVE_STATUS[CVE-2024-1085] = "cpe-stable-backport: Backported in 6.6.14"
5234		5298
5235	CVE_STATUS[CVE-2024-1086] = "cpe-stable-backport: Backported in 6.6.15"	5299	CVE_STATUS[CVE-2024-1086] = "cpe-stable-backport: Backported in 6.6.15"
5236		5300
		5301	CVE_STATUS[CVE-2024-1151] = "cpe-stable-backport: Backported in 6.6.18"
		5302
5237	CVE_STATUS[CVE-2024-1312] = "fixed-version: Fixed from version 6.5rc4"	5303	CVE_STATUS[CVE-2024-1312] = "fixed-version: Fixed from version 6.5rc4"
5238		5304
5239	# CVE-2024-21803 has no known resolution	5305	# CVE-2024-21803 has no known resolution
@@ -5252,11 +5318,11 @@ CVE_STATUS[CVE-2024-22705] = "cpe-stable-backport: Backported in 6.6.10"
5252		5318
5253	CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"	5319	CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
5254		5320
5255	# CVE-2024-23850 has no known resolution	5321	CVE_STATUS[CVE-2024-23850] = "cpe-stable-backport: Backported in 6.6.18"
5256		5322
5257	# CVE-2024-23851 has no known resolution	5323	CVE_STATUS[CVE-2024-23851] = "cpe-stable-backport: Backported in 6.6.18"
5258		5324
5259	# CVE-2024-24855 has no known resolution	5325	CVE_STATUS[CVE-2024-24855] = "fixed-version: Fixed from version 6.5rc2"
5260		5326
5261	# CVE-2024-24857 has no known resolution	5327	# CVE-2024-24857 has no known resolution
5262		5328
@@ -5264,9 +5330,55 @@ CVE_STATUS[CVE-2024-23849] = "cpe-stable-backport: Backported in 6.6.15"
5264		5330
5265	# CVE-2024-24859 has no known resolution	5331	# CVE-2024-24859 has no known resolution
5266		5332
5267	# CVE-2024-24860 has no known resolution	5333	CVE_STATUS[CVE-2024-24860] = "cpe-stable-backport: Backported in 6.6.14"
5268		5334
5269	# CVE-2024-24861 has no known resolution	5335	# CVE-2024-24861 has no known resolution
5270		5336
5271	# CVE-2024-24864 has no known resolution	5337	# CVE-2024-24864 has no known resolution
5272		5338
		5339	# CVE-2024-25739 has no known resolution
		5340
		5341	# CVE-2024-25740 has no known resolution
		5342
		5343	# CVE-2024-25741 has no known resolution
		5344
		5345	CVE_STATUS[CVE-2024-25744] = "cpe-stable-backport: Backported in 6.6.7"
		5346
		5347	CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17"
		5348
		5349	CVE_STATUS[CVE-2024-26582] = "cpe-stable-backport: Backported in 6.6.18"
		5350
		5351	CVE_STATUS[CVE-2024-26583] = "cpe-stable-backport: Backported in 6.6.18"
		5352
		5353	CVE_STATUS[CVE-2024-26584] = "cpe-stable-backport: Backported in 6.6.18"
		5354
		5355	CVE_STATUS[CVE-2024-26585] = "cpe-stable-backport: Backported in 6.6.18"
		5356
		5357	CVE_STATUS[CVE-2024-26586] = "cpe-stable-backport: Backported in 6.6.14"
		5358
		5359	CVE_STATUS[CVE-2024-26587] = "cpe-stable-backport: Backported in 6.6.14"
		5360
		5361	CVE_STATUS[CVE-2024-26588] = "cpe-stable-backport: Backported in 6.6.14"
		5362
		5363	CVE_STATUS[CVE-2024-26589] = "cpe-stable-backport: Backported in 6.6.14"
		5364
		5365	CVE_STATUS[CVE-2024-26590] = "cpe-stable-backport: Backported in 6.6.14"
		5366
		5367	CVE_STATUS[CVE-2024-26591] = "cpe-stable-backport: Backported in 6.6.14"
		5368
		5369	CVE_STATUS[CVE-2024-26592] = "cpe-stable-backport: Backported in 6.6.14"
		5370
		5371	CVE_STATUS[CVE-2024-26593] = "cpe-stable-backport: Backported in 6.6.18"
		5372
		5373	CVE_STATUS[CVE-2024-26594] = "cpe-stable-backport: Backported in 6.6.14"
		5374
		5375	CVE_STATUS[CVE-2024-26595] = "cpe-stable-backport: Backported in 6.6.14"
		5376
		5377	# CVE-2024-26596 needs backporting (fixed from 6.8rc1)
		5378
		5379	CVE_STATUS[CVE-2024-26597] = "cpe-stable-backport: Backported in 6.6.14"
		5380
		5381	CVE_STATUS[CVE-2024-26598] = "cpe-stable-backport: Backported in 6.6.14"
		5382
		5383	CVE_STATUS[CVE-2024-26599] = "cpe-stable-backport: Backported in 6.6.14"
		5384