summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAndrej Valek <andrej.valek@siemens.com>2023-07-20 09:19:50 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-07-21 11:52:26 +0100
commitc15e506a4674e558922c5a75512ca2b5c296cd44 (patch)
treea0cc1ebf9daca61304185ed901596e31f4029658 /meta
parent7e18a90d35a62cd6894385a9dab549a594d5f11e (diff)
downloadpoky-c15e506a4674e558922c5a75512ca2b5c296cd44.tar.gz
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version (From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/conf/distro/include/cve-extra-exclusions.inc149
-rw-r--r--meta/recipes-bsp/grub/grub2.inc6
-rw-r--r--meta/recipes-connectivity/avahi/avahi_0.8.bb3
-rw-r--r--meta/recipes-connectivity/bind/bind_9.18.16.bb2
-rw-r--r--meta/recipes-connectivity/bluez5/bluez5_5.68.bb4
-rw-r--r--meta/recipes-connectivity/openssh/openssh_9.3p1.bb9
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.1.1.bb3
-rw-r--r--meta/recipes-core/coreutils/coreutils_9.3.bb4
-rw-r--r--meta/recipes-core/glibc/glibc_2.37.bb17
-rw-r--r--meta/recipes-core/libxml/libxml2_2.11.4.bb4
-rw-r--r--meta/recipes-core/systemd/systemd_253.3.bb3
-rw-r--r--meta/recipes-devtools/cmake/cmake.inc4
-rw-r--r--meta/recipes-devtools/flex/flex_2.6.4.bb6
-rw-r--r--meta/recipes-devtools/gcc/gcc-13.1.inc3
-rw-r--r--meta/recipes-devtools/git/git_2.39.3.bb7
-rw-r--r--meta/recipes-devtools/jquery/jquery_3.6.3.bb5
-rw-r--r--meta/recipes-devtools/ninja/ninja_1.11.1.bb3
-rw-r--r--meta/recipes-devtools/python/python3_3.11.4.bb16
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc13
-rw-r--r--meta/recipes-devtools/rsync/rsync_3.2.7.bb3
-rw-r--r--meta/recipes-devtools/tcltk/tcl_8.6.13.bb4
-rw-r--r--meta/recipes-extended/cpio/cpio_2.14.bb3
-rw-r--r--meta/recipes-extended/cups/cups.inc17
-rw-r--r--meta/recipes-extended/iputils/iputils_20221126.bb5
-rw-r--r--meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb3
-rw-r--r--meta/recipes-extended/procps/procps_4.0.3.bb4
-rw-r--r--meta/recipes-extended/shadow/shadow_4.13.bb7
-rw-r--r--meta/recipes-extended/unzip/unzip_6.0.bb3
-rw-r--r--meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb2
-rw-r--r--meta/recipes-extended/zip/zip_3.0.bb7
-rw-r--r--meta/recipes-gnome/libnotify/libnotify_0.8.2.bb2
-rw-r--r--meta/recipes-gnome/librsvg/librsvg_2.56.1.bb3
-rw-r--r--meta/recipes-graphics/builder/builder_0.1.bb3
-rw-r--r--meta/recipes-graphics/xorg-xserver/xserver-xorg.inc19
-rw-r--r--meta/recipes-kernel/linux/cve-exclusion_6.1.inc361
-rw-r--r--meta/recipes-multimedia/libpng/libpng_1.6.40.bb3
-rw-r--r--meta/recipes-multimedia/libtiff/tiff_4.5.1.bb4
-rw-r--r--meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb4
-rw-r--r--meta/recipes-support/libxslt/libxslt_1.1.38.bb4
-rw-r--r--meta/recipes-support/lz4/lz4_1.9.4.bb3
-rw-r--r--meta/recipes-support/sqlite/sqlite3_3.42.0.bb6
41 files changed, 310 insertions, 421 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 0ae63e2c63..61fb08dbeb 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -15,44 +15,43 @@
15# the aim of sharing that work and ensuring we don't duplicate it. 15# the aim of sharing that work and ensuring we don't duplicate it.
16# 16#
17 17
18# strace https://nvd.nist.gov/vuln/detail/CVE-2000-0006
19CVE_STATUS[CVE-2000-0006] = "upstream-wontfix: CVE is more than 20 years old \
20with no resolution evident. Broken links in CVE database references make resolution impractical."
18 21
19# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006 22# epiphany https://nvd.nist.gov/vuln/detail/CVE-2005-0238
20# CVE is more than 20 years old with no resolution evident 23CVE_STATUS[CVE-2005-0238] = "upstream-wontfix: \
21# broken links in CVE database references make resolution impractical 24The issue here is spoofing of domain names using characters from other character sets. \
22CVE_CHECK_IGNORE += "CVE-2000-0006" 25There has been much discussion amongst the epiphany and webkit developers and \
23 26whilst there are improvements about how domains are handled and displayed to the user \
24# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238 27there is unlikely ever to be a single fix to webkit or epiphany which addresses this \
25# The issue here is spoofing of domain names using characters from other character sets. 28problem. There isn't any mitigation or fix or way to progress this further."
26# There has been much discussion amongst the epiphany and webkit developers and 29
27# whilst there are improvements about how domains are handled and displayed to the user 30# glibc https://nvd.nist.gov/vuln/detail/CVE-2010-4756
28# there is unlikely ever to be a single fix to webkit or epiphany which addresses this 31CVE_STATUS[CVE-2010-4756] = "upstream-wontfix: \
29# problem. Ignore this CVE as there isn't any mitigation or fix or way to progress this further 32Issue is memory exhaustion via glob() calls, e.g. from within an ftp server \
30# we can seem to take. 33Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 \
31CVE_CHECK_IGNORE += "CVE-2005-0238" 34Upstream don't see it as a security issue, ftp servers shouldn't be passing \
32 35this to libc glob. Upstream have no plans to add BSD's GLOB_LIMIT or similar."
33# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756 36
34# Issue is memory exhaustion via glob() calls, e.g. from within an ftp server 37# go https://nvd.nist.gov/vuln/detail/CVE-2020-29509
35# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 38# go https://nvd.nist.gov/vuln/detail/CVE-2020-29511
36# Upstream don't see it as a security issue, ftp servers shouldn't be passing 39CVE_STATUS_GROUPS += "CVE_STATUS_GO"
37# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar 40CVE_STATUS_GO = "CVE-2020-29509 CVE-2020-29511"
38CVE_CHECK_IGNORE += "CVE-2010-4756" 41CVE_STATUS_GO[status] = "not-applicable-config: \
39 42The encoding/xml package in go can potentially be used for security exploits if not used correctly \
40# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509 43CVE applies to a netapp product as well as flagging a general issue. We don't ship anything \
41# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511 44exposing this interface in an exploitable way"
42# The encoding/xml package in go can potentially be used for security exploits if not used correctly
43# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything
44# exposing this interface in an exploitable way
45CVE_CHECK_IGNORE += "CVE-2020-29509 CVE-2020-29511"
46 45
47# db 46# db
48# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with 47CVE_STATUS_GROUPS += "CVE_STATUS_DB"
49# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed. 48CVE_STATUS_DB = "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
50CVE_CHECK_IGNORE += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
51CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \ 49CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
52CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \ 50CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
53CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \ 51CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
54CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981" 52CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
55 53CVE_STATUS_DB[status] = "upstream-wontfix: Since Oracle relicensed bdb, the open source community is slowly but surely \
54replacing bdb with supported and open source friendly alternatives. As a result this CVE is unlikely to ever be fixed."
56 55
57# 56#
58# Kernel CVEs, e.g. linux-yocto* 57# Kernel CVEs, e.g. linux-yocto*
@@ -65,50 +64,64 @@ CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
65# issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd 64# issues to be visible. If anyone wishes to clean up CPE entries with NIST for these, we'd
66# welcome than and then entries can likely be removed from here. 65# welcome than and then entries can likely be removed from here.
67# 66#
67
68CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_2010 CVE_STATUS_KERNEL_2017 CVE_STATUS_KERNEL_2018 CVE_STATUS_KERNEL_2020 \
69 CVE_STATUS_KERNEL_2021 CVE_STATUS_KERNEL_2022"
70
68# 1999-2010 71# 1999-2010
69CVE_CHECK_IGNORE += "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \ 72CVE_STATUS_KERNEL_2010 = "CVE-1999-0524 CVE-1999-0656 CVE-2006-2932 CVE-2007-2764 CVE-2007-4998 CVE-2008-2544 \
70 CVE-2008-4609 CVE-2010-0298 CVE-2010-4563" 73 CVE-2008-4609 CVE-2010-0298 CVE-2010-4563"
74CVE_STATUS_KERNEL_2010[status] = "ignored"
75
71# 2011-2017 76# 2011-2017
72CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \ 77CVE_STATUS_KERNEL_2017 = "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE-2016-3695 CVE-2016-3699 \
73 CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264" 78 CVE-2017-1000255 CVE-2017-1000377 CVE-2017-5897 CVE-2017-6264"
79CVE_STATUS_KERNEL_2017[status] = "ignored"
80
74# 2018 81# 2018
75CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \ 82CVE_STATUS_KERNEL_2018 = "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \
76 CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873" 83 CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873"
84CVE_STATUS_KERNEL_2018[status] = "ignored"
85
77# 2020 86# 2020
78CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" 87CVE_STATUS_KERNEL_2020 = "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834"
88CVE_STATUS_KERNEL_2020[status] = "ignored"
89
79# 2021 90# 2021
80CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ 91CVE_STATUS_KERNEL_2021 = "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \
81 CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" 92 CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402"
93CVE_STATUS_KERNEL_2021[status] = "ignored"
94
82# 2022 95# 2022
83CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ 96CVE_STATUS_KERNEL_2022 = "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \
84 CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ 97 CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \
85 CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \ 98 CVE-2022-0995 CVE-2022-0998 CVE-2022-1011 CVE-2022-1015 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 \
86 CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \ 99 CVE-2022-1353 CVE-2022-24122 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25265 \
87 CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \ 100 CVE-2022-25375 CVE-2022-26490 CVE-2022-26878 CVE-2022-26966 CVE-2022-27223 CVE-2022-27666 CVE-2022-27950 \
88 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ 101 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \
89 CVE-2022-29582 CVE-2022-29968" 102 CVE-2022-29582 CVE-2022-29968"
103CVE_STATUS_KERNEL_2022[status] = "ignored"
90 104
91 105
92# Wrong CPE in NVD database
93# https://nvd.nist.gov/vuln/detail/CVE-2022-3563 106# https://nvd.nist.gov/vuln/detail/CVE-2022-3563
94# https://nvd.nist.gov/vuln/detail/CVE-2022-3637 107# https://nvd.nist.gov/vuln/detail/CVE-2022-3637
95# Those issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git 108CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
96CVE_CHECK_IGNORE += "CVE-2022-3563 CVE-2022-3637" 109CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issue do not affect the kernel, patchs listed on CVE pages links to https://git.kernel.org/pub/scm/bluetooth/bluez.git"
97 110
98# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 111# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2021-20255
99# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html 112CVE_STATUS[CVE-2021-20255] = "upstream-wontfix: \
100# qemu maintainers say the patch is incorrect and should not be applied 113There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html \
101# Ignore from OE's perspectivee as the issue is of low impact, at worst sitting in an infinite loop rather than exploitable 114qemu maintainers say the patch is incorrect and should not be applied \
102CVE_CHECK_IGNORE += "CVE-2021-20255" 115The issue is of low impact, at worst sitting in an infinite loop rather than exploitable."
103 116
104# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 117# qemu:qemu-native:qemu-system-native https://nvd.nist.gov/vuln/detail/CVE-2019-12067
105# There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can 118CVE_STATUS[CVE-2019-12067] = "upstream-wontfix: \
106# still be reproduced or where exactly any bug is. 119There was a proposed patch but rejected by upstream qemu. It is unclear if the issue can \
107# Ignore from OE's perspective as we'll pick up any fix when upstream accepts one. 120still be reproduced or where exactly any bug is. \
108CVE_CHECK_IGNORE += "CVE-2019-12067" 121We'll pick up any fix when upstream accepts one."
109 122
110# nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 123# nasm:nasm-native https://nvd.nist.gov/vuln/detail/CVE-2020-18974
111# It is a fuzzing related buffer overflow. It is of low impact since most devices 124CVE_STATUS[CVE-2020-18974] = "upstream-wontfix: \
112# wouldn't expose an assembler. The upstream is inactive and there is little to be 125It is a fuzzing related buffer overflow. It is of low impact since most devices
113# done about the bug, ignore from an OE perspective. 126wouldn't expose an assembler. The upstream is inactive and there is little to be
114CVE_CHECK_IGNORE += "CVE-2020-18974" 127done about the bug, ignore from an OE perspective."
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 58b215d79c..41839698dc 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -46,10 +46,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
46 46
47SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f" 47SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
48 48
49# Applies only to RHEL 49CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
50CVE_CHECK_IGNORE += "CVE-2019-14865" 50CVE_STATUS[CVE-2021-46705] = "not-applicable-platform: Applies only to SUSE"
51# Applies only to SUSE
52CVE_CHECK_IGNORE += "CVE-2021-46705"
53 51
54DEPENDS = "flex-native bison-native gettext-native" 52DEPENDS = "flex-native bison-native gettext-native"
55 53
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb
index 1764997c41..d1c6f7f54a 100644
--- a/meta/recipes-connectivity/avahi/avahi_0.8.bb
+++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb
@@ -32,8 +32,7 @@ GITHUB_BASE_URI = "https://github.com/lathiat/avahi/releases/"
32SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7" 32SRC_URI[md5sum] = "229c6aa30674fc43c202b22c5f8c2be7"
33SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda" 33SRC_URI[sha256sum] = "060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda"
34 34
35# Issue only affects Debian/SUSE, not us 35CVE_STATUS[CVE-2021-26720] = "not-applicable-platform: Issue only affects Debian/SUSE"
36CVE_CHECK_IGNORE += "CVE-2021-26720"
37 36
38DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native" 37DEPENDS = "expat libcap libdaemon glib-2.0 glib-2.0-native"
39 38
diff --git a/meta/recipes-connectivity/bind/bind_9.18.16.bb b/meta/recipes-connectivity/bind/bind_9.18.16.bb
index 1b1649566a..d9b62bb8b0 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.16.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.16.bb
@@ -28,7 +28,7 @@ UPSTREAM_CHECK_REGEX = "(?P<pver>9.(\d*[02468])+(\.\d+)+(-P\d+)*)/"
28 28
29# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore 29# Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore
30# so the issue doesn't affect us. 30# so the issue doesn't affect us.
31CVE_CHECK_IGNORE += "CVE-2019-6470" 31CVE_STATUS[CVE-2019-6470] = "not-applicable-config: Issue only affects dhcpd with recent bind versions and we don't ship dhcpd anymore."
32 32
33inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives 33inherit autotools update-rc.d systemd useradd pkgconfig multilib_header update-alternatives
34 34
diff --git a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
index 921f739fb8..f8405ed091 100644
--- a/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
+++ b/meta/recipes-connectivity/bluez5/bluez5_5.68.bb
@@ -2,8 +2,8 @@ require bluez5.inc
2 2
3SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933" 3SRC_URI[sha256sum] = "fc505e6445cb579a55cacee6821fe70d633921522043d322b696de0a175ff933"
4 4
5# These issues have kernel fixes rather than bluez fixes so exclude here 5CVE_STATUS[CVE-2022-3563] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
6CVE_CHECK_IGNORE += "CVE-2020-12352 CVE-2020-24490" 6CVE_STATUS[CVE-2022-3637] = "cpe-incorrect: This issues have kernel fixes rather than bluez fixes"
7 7
8# noinst programs in Makefile.tools that are conditional on READLINE 8# noinst programs in Makefile.tools that are conditional on READLINE
9# support 9# support
diff --git a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
index 42ce814523..3edc123b9a 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
@@ -28,15 +28,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
28 " 28 "
29SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8" 29SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
30 30
31# This CVE is specific to OpenSSH with the pam opie which we don't build/use here 31CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
32CVE_CHECK_IGNORE += "CVE-2007-2768"
33 32
34# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 33# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7
35# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded 34# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded
36CVE_CHECK_IGNORE += "CVE-2014-9278" 35CVE_STATUS[CVE-2014-9278] = "not-applicable-platform: This CVE is specific to OpenSSH server, as used in Fedora and \
36Red Hat Enterprise Linux 7 and when running in a Kerberos environment"
37 37
38# CVE only applies to some distributed RHEL binaries 38CVE_STATUS[CVE-2008-3844] = "not-applicable-platform: Only applies to some distributed RHEL binaries."
39CVE_CHECK_IGNORE += "CVE-2008-3844"
40 39
41PAM_SRC_URI = "file://sshd" 40PAM_SRC_URI = "file://sshd"
42 41
diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.1.bb b/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
index 432ab4032b..c2a7173c84 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.1.bb
@@ -255,6 +255,5 @@ CVE_PRODUCT = "openssl:openssl"
255 255
256CVE_VERSION_SUFFIX = "alphabetical" 256CVE_VERSION_SUFFIX = "alphabetical"
257 257
258# Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37
259# Apache in meta-webserver is already recent enough 258# Apache in meta-webserver is already recent enough
260CVE_CHECK_IGNORE += "CVE-2019-0190" 259CVE_STATUS[CVE-2019-0190] = "not-applicable-config: Only affects OpenSSL >= 1.1.1 in combination with Apache < 2.4.37"
diff --git a/meta/recipes-core/coreutils/coreutils_9.3.bb b/meta/recipes-core/coreutils/coreutils_9.3.bb
index 25da988f50..ba38169f05 100644
--- a/meta/recipes-core/coreutils/coreutils_9.3.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.3.bb
@@ -23,8 +23,8 @@ SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
23SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa" 23SRC_URI[sha256sum] = "adbcfcfe899235b71e8768dcf07cd532520b7f54f9a8064843f8d199a904bbaa"
24 24
25# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 25# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
26# runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue. 26#
27CVE_CHECK_IGNORE += "CVE-2016-2781" 27CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue."
28 28
29EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}" 29EXTRA_OECONF:class-target = "--enable-install-program=arch,hostname --libexecdir=${libdir}"
30EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname" 30EXTRA_OECONF:class-nativesdk = "--enable-install-program=arch,hostname"
diff --git a/meta/recipes-core/glibc/glibc_2.37.bb b/meta/recipes-core/glibc/glibc_2.37.bb
index 3387441cad..851aa612b1 100644
--- a/meta/recipes-core/glibc/glibc_2.37.bb
+++ b/meta/recipes-core/glibc/glibc_2.37.bb
@@ -4,18 +4,19 @@ require glibc-version.inc
4# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 4# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
5# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 5# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
6# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 6# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
7# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. 7CVE_STATUS_GROUPS = "CVE_STATUS_RECIPE"
8# "this is being treated as a non-security bug and no real threat." 8CVE_STATUS_RECIPE = "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
9CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" 9CVE_STATUS_RECIPE[status] = "disputed: \
10Upstream glibc maintainers dispute there is any issue and have no plans to address it further. \
11this is being treated as a non-security bug and no real threat."
10 12
11# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 13# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
12# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
13# easier access for another. "ASLR bypass itself is not a vulnerability."
14# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 14# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
15CVE_CHECK_IGNORE += "CVE-2019-1010025" 15CVE_STATUS[CVE-2019-1010025] = "disputed: \
16Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow \
17easier access for another. 'ASLR bypass itself is not a vulnerability.'"
16 18
17# This is integrated into the 2.37 branch as of 07b9521fc6 19CVE_STATUS[CVE-2023-25139] = "cpe-stable-backport: This is integrated into the 2.37 branch as of 07b9521fc6"
18CVE_CHECK_IGNORE += "CVE-2023-25139"
19 20
20DEPENDS += "gperf-native bison-native" 21DEPENDS += "gperf-native bison-native"
21 22
diff --git a/meta/recipes-core/libxml/libxml2_2.11.4.bb b/meta/recipes-core/libxml/libxml2_2.11.4.bb
index 713d0baf6c..cbf20504f8 100644
--- a/meta/recipes-core/libxml/libxml2_2.11.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.11.4.bb
@@ -23,10 +23,6 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223
23 23
24BINCONFIG = "${bindir}/xml2-config" 24BINCONFIG = "${bindir}/xml2-config"
25 25
26# Fixed since 2.9.11 via
27# https://gitlab.gnome.org/GNOME/libxml2/-/commit/c1ba6f54d32b707ca6d91cb3257ce9de82876b6f
28CVE_CHECK_IGNORE += "CVE-2016-3709"
29
30PACKAGECONFIG ??= "python \ 26PACKAGECONFIG ??= "python \
31 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \ 27 ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
32" 28"
diff --git a/meta/recipes-core/systemd/systemd_253.3.bb b/meta/recipes-core/systemd/systemd_253.3.bb
index 87fbf6f785..cf0e17ff00 100644
--- a/meta/recipes-core/systemd/systemd_253.3.bb
+++ b/meta/recipes-core/systemd/systemd_253.3.bb
@@ -834,6 +834,3 @@ pkg_postinst:udev-hwdb () {
834pkg_prerm:udev-hwdb () { 834pkg_prerm:udev-hwdb () {
835 rm -f $D${sysconfdir}/udev/hwdb.bin 835 rm -f $D${sysconfdir}/udev/hwdb.bin
836} 836}
837
838# This was also fixed in 252.4 with 9b75a3d0
839CVE_CHECK_IGNORE += "CVE-2022-4415"
diff --git a/meta/recipes-devtools/cmake/cmake.inc b/meta/recipes-devtools/cmake/cmake.inc
index 7788a5c45a..f57a77c7bb 100644
--- a/meta/recipes-devtools/cmake/cmake.inc
+++ b/meta/recipes-devtools/cmake/cmake.inc
@@ -23,6 +23,4 @@ SRC_URI[sha256sum] = "313b6880c291bd4fe31c0aa51d6e62659282a521e695f30d5cc0d25abb
23 23
24UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar" 24UPSTREAM_CHECK_REGEX = "cmake-(?P<pver>\d+(\.\d+)+)\.tar"
25 25
26# This is specific to the npm package that installs cmake, so isn't 26CVE_STATUS[CVE-2016-10642] = "cpe-incorrect: This is specific to the npm package that installs cmake, so isn't relevant to OpenEmbedded"
27# relevant to OpenEmbedded
28CVE_CHECK_IGNORE += "CVE-2016-10642"
diff --git a/meta/recipes-devtools/flex/flex_2.6.4.bb b/meta/recipes-devtools/flex/flex_2.6.4.bb
index 15cf6f5cca..1ac88d65ef 100644
--- a/meta/recipes-devtools/flex/flex_2.6.4.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -26,10 +26,10 @@ SRC_URI[sha256sum] = "e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c4
26 26
27GITHUB_BASE_URI = "https://github.com/westes/flex/releases" 27GITHUB_BASE_URI = "https://github.com/westes/flex/releases"
28 28
29# Disputed - yes there is stack exhaustion but no bug and it is building the
30# parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address
31# https://github.com/westes/flex/issues/414 29# https://github.com/westes/flex/issues/414
32CVE_CHECK_IGNORE += "CVE-2019-6293" 30CVE_STATUS[CVE-2019-6293] = "upstream-wontfix: \
31there is stack exhaustion but no bug and it is building the \
32parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address this."
33 33
34inherit autotools gettext texinfo ptest github-releases 34inherit autotools gettext texinfo ptest github-releases
35 35
diff --git a/meta/recipes-devtools/gcc/gcc-13.1.inc b/meta/recipes-devtools/gcc/gcc-13.1.inc
index 4da703db52..e94753eed0 100644
--- a/meta/recipes-devtools/gcc/gcc-13.1.inc
+++ b/meta/recipes-devtools/gcc/gcc-13.1.inc
@@ -111,5 +111,4 @@ EXTRA_OECONF_PATHS = "\
111 --with-build-sysroot=${STAGING_DIR_TARGET} \ 111 --with-build-sysroot=${STAGING_DIR_TARGET} \
112" 112"
113 113
114# Is a binutils 2.26 issue, not gcc 114CVE_STATUS[CVE-2021-37322] = "cpe-incorrect: Is a binutils 2.26 issue, not gcc"
115CVE_CHECK_IGNORE += "CVE-2021-37322"
diff --git a/meta/recipes-devtools/git/git_2.39.3.bb b/meta/recipes-devtools/git/git_2.39.3.bb
index 54a863acd2..3393550c85 100644
--- a/meta/recipes-devtools/git/git_2.39.3.bb
+++ b/meta/recipes-devtools/git/git_2.39.3.bb
@@ -27,13 +27,6 @@ LIC_FILES_CHKSUM = "\
27 27
28CVE_PRODUCT = "git-scm:git" 28CVE_PRODUCT = "git-scm:git"
29 29
30# This is about a manpage not mentioning --mirror may "leak" information
31# in mirrored git repos. Most OE users wouldn't build the docs and
32# we don't see this as a major issue for our general users/usecases.
33CVE_CHECK_IGNORE += "CVE-2022-24975"
34# This is specific to Git-for-Windows
35CVE_CHECK_IGNORE += "CVE-2022-41953"
36
37PACKAGECONFIG ??= "expat curl" 30PACKAGECONFIG ??= "expat curl"
38PACKAGECONFIG[cvsserver] = "" 31PACKAGECONFIG[cvsserver] = ""
39PACKAGECONFIG[svn] = "" 32PACKAGECONFIG[svn] = ""
diff --git a/meta/recipes-devtools/jquery/jquery_3.6.3.bb b/meta/recipes-devtools/jquery/jquery_3.6.3.bb
index 93f87f730d..db4745ad7a 100644
--- a/meta/recipes-devtools/jquery/jquery_3.6.3.bb
+++ b/meta/recipes-devtools/jquery/jquery_3.6.3.bb
@@ -20,9 +20,8 @@ SRC_URI[map.sha256sum] = "156b740931ade6c1a98d99713eeb186f93847ffc56057e973becab
20UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js" 20UPSTREAM_CHECK_REGEX = "jquery-(?P<pver>\d+(\.\d+)+)\.js"
21 21
22# https://github.com/jquery/jquery/issues/3927 22# https://github.com/jquery/jquery/issues/3927
23# There are ways jquery can expose security issues but any issues are in the apps exposing them 23CVE_STATUS[CVE-2007-2379] = "upstream-wontfix: There are ways jquery can expose security issues but any issues \
24# and there is little we can directly do 24are in the apps exposing them and there is little we can directly do."
25CVE_CHECK_IGNORE += "CVE-2007-2379"
26 25
27inherit allarch 26inherit allarch
28 27
diff --git a/meta/recipes-devtools/ninja/ninja_1.11.1.bb b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
index 83d2f01263..8e297ec4d4 100644
--- a/meta/recipes-devtools/ninja/ninja_1.11.1.bb
+++ b/meta/recipes-devtools/ninja/ninja_1.11.1.bb
@@ -30,5 +30,4 @@ do_install() {
30 30
31BBCLASSEXTEND = "native nativesdk" 31BBCLASSEXTEND = "native nativesdk"
32 32
33# This is a different Ninja 33CVE_STATUS[CVE-2021-4336] = "cpe-incorrect: This is a different Ninja"
34CVE_CHECK_IGNORE += "CVE-2021-4336"
diff --git a/meta/recipes-devtools/python/python3_3.11.4.bb b/meta/recipes-devtools/python/python3_3.11.4.bb
index 7a277facf7..b3534ad678 100644
--- a/meta/recipes-devtools/python/python3_3.11.4.bb
+++ b/meta/recipes-devtools/python/python3_3.11.4.bb
@@ -47,17 +47,13 @@ UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
47 47
48CVE_PRODUCT = "python" 48CVE_PRODUCT = "python"
49 49
50# Upstream consider this expected behaviour 50CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
51CVE_CHECK_IGNORE += "CVE-2007-4559" 51CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
52# This is not exploitable when glibc has CVE-2016-10739 fixed. 52CVE_STATUS[CVE-2020-15523] = "not-applicable-platform: Issue only applies on Windows"
53CVE_CHECK_IGNORE += "CVE-2019-18348" 53CVE_STATUS[CVE-2022-26488] = "not-applicable-platform: Issue only applies on Windows"
54# These are specific to Microsoft Windows
55CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
56# The mailcap module is insecure by design, so this can't be fixed in a meaningful way.
57# The module will be removed in the future and flaws documented. 54# The module will be removed in the future and flaws documented.
58CVE_CHECK_IGNORE += "CVE-2015-20107" 55CVE_STATUS[CVE-2015-20107] = "upstream-wontfix: The mailcap module is insecure by design, so this can't be fixed in a meaningful way"
59# Not an issue, in fact expected behaviour 56# CVE_STATUS[CVE-2023-36632] = "disputed: Not an issue, in fact expected behaviour"
60CVE_CHECK_IGNORE += "CVE-2023-36632"
61 57
62PYTHON_MAJMIN = "3.11" 58PYTHON_MAJMIN = "3.11"
63 59
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 16581db69d..64bade86aa 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -38,21 +38,16 @@ SRC_URI[sha256sum] = "ecf4d32cbef9d397bfc8cc50e4d1e92a1b30253bf32e8ee73c7a8dcf9a
38SRC_URI:append:class-target = " file://cross.patch" 38SRC_URI:append:class-target = " file://cross.patch"
39SRC_URI:append:class-nativesdk = " file://cross.patch" 39SRC_URI:append:class-nativesdk = " file://cross.patch"
40 40
41# Applies against virglrender < 0.6.0 and not qemu itself 41CVE_STATUS[CVE-2017-5957] = "cpe-incorrect: Applies against virglrender < 0.6.0 and not qemu itself"
42CVE_CHECK_IGNORE += "CVE-2017-5957"
43 42
44# The VNC server can expose host files uder some circumstances. We don't 43CVE_STATUS[CVE-2007-0998] = "not-applicable-config: The VNC server can expose host files uder some circumstances. We don't enable it by default."
45# enable it by default.
46CVE_CHECK_IGNORE += "CVE-2007-0998"
47 44
48# 'The issues identified by this CVE were determined to not constitute a vulnerability.'
49# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11 45# https://bugzilla.redhat.com/show_bug.cgi?id=1609015#c11
50CVE_CHECK_IGNORE += "CVE-2018-18438" 46CVE_STATUS[CVE-2018-18438] = "disputed: The issues identified by this CVE were determined to not constitute a vulnerability."
51 47
52# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664 48# As per https://nvd.nist.gov/vuln/detail/CVE-2023-0664
53# https://bugzilla.redhat.com/show_bug.cgi?id=2167423 49# https://bugzilla.redhat.com/show_bug.cgi?id=2167423
54# this bug related to windows specific. 50CVE_STATUS[CVE-2023-0664] = "not-applicable-platform: Issue only applies on Windows"
55CVE_CHECK_IGNORE += "CVE-2023-0664"
56 51
57COMPATIBLE_HOST:mipsarchn32 = "null" 52COMPATIBLE_HOST:mipsarchn32 = "null"
58COMPATIBLE_HOST:mipsarchn64 = "null" 53COMPATIBLE_HOST:mipsarchn64 = "null"
diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
index 19574bcb1c..130581a785 100644
--- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb
@@ -18,9 +18,6 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
18 " 18 "
19SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" 19SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb"
20 20
21# -16548 required for v3.1.3pre1. Already in v3.1.3.
22CVE_CHECK_IGNORE += " CVE-2017-16548 "
23
24inherit autotools-brokensep 21inherit autotools-brokensep
25 22
26PACKAGECONFIG ??= "acl attr \ 23PACKAGECONFIG ??= "acl attr \
diff --git a/meta/recipes-devtools/tcltk/tcl_8.6.13.bb b/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
index 982f370edb..91fc81352e 100644
--- a/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
+++ b/meta/recipes-devtools/tcltk/tcl_8.6.13.bb
@@ -29,10 +29,6 @@ SRC_URI[sha256sum] = "c61f0d6699e2bc7691f119b41963aaa8dc980f23532c4e937739832a5f
29 29
30SRC_URI:class-native = "${BASE_SRC_URI}" 30SRC_URI:class-native = "${BASE_SRC_URI}"
31 31
32# Upstream don't believe this is an exploitable issue
33# https://core.tcl-lang.org/tcl/info/7079e4f91601e9c7
34CVE_CHECK_IGNORE += "CVE-2021-35331"
35
36UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html" 32UPSTREAM_CHECK_URI = "https://www.tcl.tk/software/tcltk/download.html"
37UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src" 33UPSTREAM_CHECK_REGEX = "tcl(?P<pver>\d+(\.\d+)+)-src"
38 34
diff --git a/meta/recipes-extended/cpio/cpio_2.14.bb b/meta/recipes-extended/cpio/cpio_2.14.bb
index 45eb9de8e0..560038d2a6 100644
--- a/meta/recipes-extended/cpio/cpio_2.14.bb
+++ b/meta/recipes-extended/cpio/cpio_2.14.bb
@@ -16,8 +16,7 @@ SRC_URI[sha256sum] = "145a340fd9d55f0b84779a44a12d5f79d77c99663967f8cfa168d7905c
16 16
17inherit autotools gettext texinfo ptest 17inherit autotools gettext texinfo ptest
18 18
19# Issue applies to use of cpio in SUSE/OBS, doesn't apply to us 19CVE_STATUS[CVE-2010-4226] = "not-applicable-platform: Issue applies to use of cpio in SUSE/OBS"
20CVE_CHECK_IGNORE += "CVE-2010-4226"
21 20
22EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}" 21EXTRA_OECONF += "DEFAULT_RMT_DIR=${sbindir}"
23 22
diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index da320b1085..36feaddcf8 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -19,14 +19,11 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/cups-${PV}-source.tar.gz \
19 19
20GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases" 20GITHUB_BASE_URI = "https://github.com/OpenPrinting/cups/releases"
21 21
22# Issue only applies to MacOS 22CVE_STATUS[CVE-2008-1033] = "not-applicable-platform: Issue only applies to MacOS"
23CVE_CHECK_IGNORE += "CVE-2008-1033" 23CVE_STATUS[CVE-2009-0032] = "cpe-incorrect: Issue affects pdfdistiller plugin used with but not part of cups"
24# Issue affects pdfdistiller plugin used with but not part of cups 24CVE_STATUS[CVE-2018-6553] = "not-applicable-platform: This is an Ubuntu only issue"
25CVE_CHECK_IGNORE += "CVE-2009-0032" 25CVE_STATUS[CVE-2022-26691] = "fixed-version: This is fixed in 2.4.2 but the cve-check class still reports it"
26# This is an Ubuntu only issue. 26CVE_STATUS[CVE-2021-25317] = "not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply."
27CVE_CHECK_IGNORE += "CVE-2018-6553"
28# This is fixed in 2.4.2 but the cve-check class still reports it
29CVE_CHECK_IGNORE += "CVE-2022-26691"
30 27
31LEAD_SONAME = "libcupsdriver.so" 28LEAD_SONAME = "libcupsdriver.so"
32 29
@@ -114,7 +111,3 @@ SYSROOT_PREPROCESS_FUNCS += "cups_sysroot_preprocess"
114cups_sysroot_preprocess () { 111cups_sysroot_preprocess () {
115 sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:' 112 sed -i ${SYSROOT_DESTDIR}${bindir_crossscripts}/cups-config -e 's:cups_datadir=.*:cups_datadir=${datadir}/cups:' -e 's:cups_serverbin=.*:cups_serverbin=${libexecdir}/cups:'
116} 113}
117
118# -25317 concerns /var/log/cups having lp ownership. Our /var/log/cups is
119# root:root, so this doesn't apply.
120CVE_CHECK_IGNORE += "CVE-2021-25317"
diff --git a/meta/recipes-extended/iputils/iputils_20221126.bb b/meta/recipes-extended/iputils/iputils_20221126.bb
index cd5fe9bd3e..7d94271a64 100644
--- a/meta/recipes-extended/iputils/iputils_20221126.bb
+++ b/meta/recipes-extended/iputils/iputils_20221126.bb
@@ -17,9 +17,8 @@ S = "${WORKDIR}/git"
17 17
18UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)" 18UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>20\d+)"
19 19
20# Fixed in 2000-10-10, but the versioning of iputils 20CVE_STATUS[CVE-2000-1213] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
21# breaks the version order. 21CVE_STATUS[CVE-2000-1214] = "fixed-version: Fixed in 2000-10-10, but the versioning of iputils breaks the version order."
22CVE_CHECK_IGNORE += "CVE-2000-1213 CVE-2000-1214"
23 22
24PACKAGECONFIG ??= "libcap" 23PACKAGECONFIG ??= "libcap"
25PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native" 24PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false -DNO_SETCAP_OR_SUID=true, libcap libcap-native"
diff --git a/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb b/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
index f55e0b0ed1..d466905426 100644
--- a/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
+++ b/meta/recipes-extended/libtirpc/libtirpc_1.3.3.bb
@@ -14,8 +14,7 @@ UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/libtirpc/files/libtirpc/"
14UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/" 14UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)/"
15SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3" 15SRC_URI[sha256sum] = "6474e98851d9f6f33871957ddee9714fdcd9d8a5ee9abb5a98d63ea2e60e12f3"
16 16
17# Was fixed in 1.3.3rc1 so not present in 1.3.3 17CVE_STATUS[CVE-2021-46828] = "fixed-version: fixed in 1.3.3rc1 so not present in 1.3.3"
18CVE_CHECK_IGNORE += "CVE-2021-46828"
19 18
20inherit autotools pkgconfig 19inherit autotools pkgconfig
21 20
diff --git a/meta/recipes-extended/procps/procps_4.0.3.bb b/meta/recipes-extended/procps/procps_4.0.3.bb
index cc3420df4e..dc0e957bda 100644
--- a/meta/recipes-extended/procps/procps_4.0.3.bb
+++ b/meta/recipes-extended/procps/procps_4.0.3.bb
@@ -72,10 +72,6 @@ python __anonymous() {
72 d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog)) 72 d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
73} 73}
74 74
75# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
76# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
77CVE_CHECK_IGNORE += "CVE-2018-1121"
78
79PROCPS_PACKAGES = "${PN}-lib \ 75PROCPS_PACKAGES = "${PN}-lib \
80 ${PN}-ps \ 76 ${PN}-ps \
81 ${PN}-sysctl" 77 ${PN}-sysctl"
diff --git a/meta/recipes-extended/shadow/shadow_4.13.bb b/meta/recipes-extended/shadow/shadow_4.13.bb
index d1a3fd5593..4e55446312 100644
--- a/meta/recipes-extended/shadow/shadow_4.13.bb
+++ b/meta/recipes-extended/shadow/shadow_4.13.bb
@@ -6,9 +6,6 @@ BUILD_LDFLAGS:append:class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'p
6 6
7BBCLASSEXTEND = "native nativesdk" 7BBCLASSEXTEND = "native nativesdk"
8 8
9# Severity is low and marked as closed and won't fix.
10# https://bugzilla.redhat.com/show_bug.cgi?id=884658 9# https://bugzilla.redhat.com/show_bug.cgi?id=884658
11CVE_CHECK_IGNORE += "CVE-2013-4235" 10CVE_STATUS[CVE-2013-4235] = "upstream-wontfix: Severity is low and marked as closed and won't fix."
12 11CVE_STATUS[CVE-2016-15024] = "cpe-incorrect: This is an issue for a different shadow"
13# This is an issue for a different shadow
14CVE_CHECK_IGNORE += "CVE-2016-15024"
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb
index 3051e9b5bc..a53663d086 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -39,8 +39,7 @@ UPSTREAM_VERSION_UNKNOWN = "1"
39SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" 39SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
40SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37" 40SRC_URI[sha256sum] = "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
41 41
42# Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source 42CVE_STATUS[CVE-2008-0888] = "fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source"
43CVE_CHECK_IGNORE += "CVE-2008-0888"
44 43
45# exclude version 5.5.2 which triggers a false positive 44# exclude version 5.5.2 which triggers a false positive
46UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz" 45UPSTREAM_CHECK_REGEX = "unzip(?P<pver>(?!552).+)\.tgz"
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
index c390fcf33c..72eb1ae067 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.4.bb
@@ -18,7 +18,7 @@ SRCREV = "6a4af7786630ce48747d9687e2f18f45ea6684c4"
18S = "${WORKDIR}/git" 18S = "${WORKDIR}/git"
19 19
20# https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision 20# https://github.com/xinetd-org/xinetd/pull/10 is merged into this git tree revision
21CVE_CHECK_IGNORE += "CVE-2013-4342" 21CVE_STATUS[CVE-2013-4342] = "fixed-version: Fixed directly in git tree revision"
22 22
23inherit autotools update-rc.d systemd pkgconfig 23inherit autotools update-rc.d systemd pkgconfig
24 24
diff --git a/meta/recipes-extended/zip/zip_3.0.bb b/meta/recipes-extended/zip/zip_3.0.bb
index 82153131b4..3425e8eb7b 100644
--- a/meta/recipes-extended/zip/zip_3.0.bb
+++ b/meta/recipes-extended/zip/zip_3.0.bb
@@ -26,11 +26,8 @@ UPSTREAM_VERSION_UNKNOWN = "1"
26SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37" 26SRC_URI[md5sum] = "7b74551e63f8ee6aab6fbc86676c0d37"
27SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369" 27SRC_URI[sha256sum] = "f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369"
28 28
29# Disputed and also Debian doesn't consider a vulnerability 29CVE_STATUS[CVE-2018-13410] = "disputed: Disputed and also Debian doesn't consider a vulnerability"
30CVE_CHECK_IGNORE += "CVE-2018-13410" 30CVE_STATUS[CVE-2018-13684] = "cpe-incorrect: Not for zip but for smart contract implementation for it"
31
32# Not for zip but for smart contract implementation for it
33CVE_CHECK_IGNORE += "CVE-2018-13684"
34 31
35# zip.inc sets CFLAGS, but what Makefile actually uses is 32# zip.inc sets CFLAGS, but what Makefile actually uses is
36# CFLAGS_NOOPT. It will also force -O3 optimization, overriding 33# CFLAGS_NOOPT. It will also force -O3 optimization, overriding
diff --git a/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb b/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
index 08e9899d00..6888c33d14 100644
--- a/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
+++ b/meta/recipes-gnome/libnotify/libnotify_0.8.2.bb
@@ -33,4 +33,4 @@ RCONFLICTS:${PN} += "libnotify3"
33RREPLACES:${PN} += "libnotify3" 33RREPLACES:${PN} += "libnotify3"
34 34
35# -7381 is specific to the NodeJS bindings 35# -7381 is specific to the NodeJS bindings
36CVE_CHECK_IGNORE += "CVE-2013-7381" 36CVE_STATUS[CVE-2013-7381] = "cpe-incorrect: The issue is specific to the NodeJS bindings"
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb b/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
index 5649ed7d17..edd7ad38fd 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.56.1.bb
@@ -50,8 +50,7 @@ do_compile:prepend() {
50 sed -ie 's,"linker": ".*","linker": "${RUST_TARGET_CC}",g' ${RUST_TARGETS_DIR}/${RUST_HOST_SYS}.json 50 sed -ie 's,"linker": ".*","linker": "${RUST_TARGET_CC}",g' ${RUST_TARGETS_DIR}/${RUST_HOST_SYS}.json
51} 51}
52 52
53# Issue only on windows 53CVE_STATUS[CVE-2018-1000041] = "not-applicable-platform: Issue only applies on Windows"
54CVE_CHECK_IGNORE += "CVE-2018-1000041"
55 54
56CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders" 55CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
57 56
diff --git a/meta/recipes-graphics/builder/builder_0.1.bb b/meta/recipes-graphics/builder/builder_0.1.bb
index 39be3bd63f..1700015ded 100644
--- a/meta/recipes-graphics/builder/builder_0.1.bb
+++ b/meta/recipes-graphics/builder/builder_0.1.bb
@@ -29,5 +29,4 @@ do_install () {
29 chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh 29 chown builder.builder ${D}${sysconfdir}/mini_x/session.d/builder_session.sh
30} 30}
31 31
32# -4178 is an unrelated 'builder' 32CVE_STATUS[CVE-2008-4178] = "cpe-incorrect: This CVE is for an unrelated builder"
33CVE_CHECK_IGNORE = "CVE-2008-4178"
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index ecb164ddf7..085fcaf87a 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -20,16 +20,15 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
20UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar" 20UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
21 21
22CVE_PRODUCT = "xorg-server x_server" 22CVE_PRODUCT = "xorg-server x_server"
23# This is specific to Debian's xserver-wrapper.c 23
24CVE_CHECK_IGNORE += "CVE-2011-4613" 24CVE_STATUS[CVE-2011-4613] = "not-applicable-platform: This is specific to Debian's xserver-wrapper.c"
25# As per upstream, exploiting this flaw is non-trivial and it requires exact 25CVE_STATUS[CVE-2020-25697] = "upstream-wontfix: \
26# timing on the behalf of the attacker. Many graphical applications exit if their 26As per upstream, exploiting this flaw is non-trivial and it requires exact \
27# connection to the X server is lost, so a typical desktop session is either 27timing on the behalf of the attacker. Many graphical applications exit if their \
28# impossible or difficult to exploit. There is currently no upstream patch 28connection to the X server is lost, so a typical desktop session is either \
29# available for this flaw. 29impossible or difficult to exploit. There is currently no upstream patch \
30CVE_CHECK_IGNORE += "CVE-2020-25697" 30available for this flaw."
31# This is specific to XQuartz, which is the macOS X server port 31CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port"
32CVE_CHECK_IGNORE += "CVE-2022-3553"
33 32
34S = "${WORKDIR}/${XORG_PN}-${PV}" 33S = "${WORKDIR}/${XORG_PN}-${PV}"
35 34
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 6a0bd19447..2eb4836c35 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,26 +1,24 @@
1# This is specific to Ubuntu 1CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu"
2CVE_CHECK_IGNORE += "CVE-2018-6559"
3 2
4# https://www.linuxkernelcves.com/cves/CVE-2019-3016 3# https://www.linuxkernelcves.com/cves/CVE-2019-3016
5# Fixed with 5.6 4# Fixed with 5.6
6CVE_CHECK_IGNORE += "CVE-2019-3016" 5CVE_STATUS[CVE-2019-3016] = "fixed-version: Fixed in version v5.6"
7 6
8# https://www.linuxkernelcves.com/cves/CVE-2019-3819 7# https://www.linuxkernelcves.com/cves/CVE-2019-3819
9# Fixed with 5.1 8# Fixed with 5.1
10CVE_CHECK_IGNORE += "CVE-2019-3819" 9CVE_STATUS[CVE-2019-3819] = "fixed-version: Fixed in version v5.1"
11 10
12# https://www.linuxkernelcves.com/cves/CVE-2019-3887 11# https://www.linuxkernelcves.com/cves/CVE-2019-3887
13# Fixed with 5.2 12# Fixed with 5.2
14CVE_CHECK_IGNORE += "CVE-2019-3887" 13CVE_STATUS[CVE-2019-3887] = "fixed-version: Fixed in version v5.2"
15 14
16# This is specific to aufs, which is not in linux-yocto 15CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto"
17CVE_CHECK_IGNORE += "CVE-2020-11935"
18 16
19# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 17# https://nvd.nist.gov/vuln/detail/CVE-2020-27784
20# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 18# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9
21# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 19# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1
22# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 20# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3
23CVE_CHECK_IGNORE += "CVE-2020-27784" 21CVE_STATUS[CVE-2020-27784] = "cpe-stable-backport: Backported in version v5.4.73"
24 22
25 23
26# 2021 24# 2021
@@ -28,19 +26,19 @@ CVE_CHECK_IGNORE += "CVE-2020-27784"
28# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 26# https://nvd.nist.gov/vuln/detail/CVE-2021-3669
29# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 27# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
30# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 28# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9
31CVE_CHECK_IGNORE += "CVE-2021-3669" 29CVE_STATUS[CVE-2021-3669] = "fixed-version: Fixed in version v5.15"
32 30
33# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 31# https://nvd.nist.gov/vuln/detail/CVE-2021-3759
34# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 32# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996
35# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f 33# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f
36# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 34# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92
37# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 35# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196
38CVE_CHECK_IGNORE += "CVE-2021-3759" 36CVE_STATUS[CVE-2021-3759] = "cpe-stable-backport: Backported in versions v5.4.224 and v6.1.11"
39 37
40# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 38# https://nvd.nist.gov/vuln/detail/CVE-2021-4218
41# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 39# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
42# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 40# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469
43CVE_CHECK_IGNORE += "CVE-2021-4218" 41CVE_STATUS[CVE-2021-4218] = "fixed-version: Fixed in version v5.8"
44 42
45 43
46# 2022 44# 2022
@@ -48,7 +46,7 @@ CVE_CHECK_IGNORE += "CVE-2021-4218"
48# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 46# https://nvd.nist.gov/vuln/detail/CVE-2022-0480
49# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 47# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
50# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 48# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042
51CVE_CHECK_IGNORE += "CVE-2022-0480" 49CVE_STATUS[CVE-2022-0480] = "fixed-version: Fixed in version v5.15"
52 50
53# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 51# https://nvd.nist.gov/vuln/detail/CVE-2022-1184
54# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 52# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -56,7 +54,7 @@ CVE_CHECK_IGNORE += "CVE-2022-0480"
56# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 54# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064
57# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb 55# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb
58# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d 56# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d
59CVE_CHECK_IGNORE += "CVE-2022-1184" 57CVE_STATUS[CVE-2022-1184] = "cpe-stable-backport: Backported in versions v5.4.198, v5.10.121 and v5.15.46"
60 58
61# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 59# https://nvd.nist.gov/vuln/detail/CVE-2022-1462
62# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 60# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -64,7 +62,7 @@ CVE_CHECK_IGNORE += "CVE-2022-1184"
64# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 62# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132
65# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c 63# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c
66# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 64# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29
67CVE_CHECK_IGNORE += "CVE-2022-1462" 65CVE_STATUS[CVE-2022-1462] = "cpe-stable-backport: Backported in versions v5.4.208, v5.10.134 and v5.15.58"
68 66
69# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 67# https://nvd.nist.gov/vuln/detail/CVE-2022-2196
70# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54 68# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54
@@ -74,19 +72,19 @@ CVE_CHECK_IGNORE += "CVE-2022-1462"
74# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 72# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349
75# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 73# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35
76# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 74# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15
77CVE_CHECK_IGNORE += "CVE-2022-2196" 75CVE_STATUS[CVE-2022-2196] = "cpe-stable-backport: Backported in versions v5.4.1233, v5.10.170, v5.15.46 and v6.1.14"
78 76
79# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 77# https://nvd.nist.gov/vuln/detail/CVE-2022-2308
80# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e 78# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e
81# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b 79# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b
82# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a 80# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a
83# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac 81# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac
84CVE_CHECK_IGNORE += "CVE-2022-2308" 82CVE_STATUS[CVE-2022-2308] = "cpe-stable-backport: Backported in versions v5.15.72 and v5.19.14"
85 83
86# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 84# https://nvd.nist.gov/vuln/detail/CVE-2022-2327
87# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 85# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
88# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 86# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859
89CVE_CHECK_IGNORE += "CVE-2022-2327" 87CVE_STATUS[CVE-2022-2327] = "fixed-version: Fixed in version v5.10.125"
90 88
91# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 89# https://nvd.nist.gov/vuln/detail/CVE-2022-2663
92# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 90# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008
@@ -95,19 +93,19 @@ CVE_CHECK_IGNORE += "CVE-2022-2327"
95# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca 93# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca
96# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 94# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4
97# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d 95# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d
98CVE_CHECK_IGNORE += "CVE-2022-2663" 96CVE_STATUS[CVE-2022-2663] = "cpe-stable-backport: Backported in versions v5.4.213, v5.10.143, v5.15.68 and v5.19.9"
99 97
100# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 98# https://nvd.nist.gov/vuln/detail/CVE-2022-2785
101# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 99# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
102# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 100# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46
103# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd 101# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd
104CVE_CHECK_IGNORE += "CVE-2022-2785" 102CVE_STATUS[CVE-2022-2785] = "cpe-stable-backport: Backported in version v5.19.4"
105 103
106# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 104# https://nvd.nist.gov/vuln/detail/CVE-2022-3176
107# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 105# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58
108# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 106# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396
109# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 107# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5
110CVE_CHECK_IGNORE += "CVE-2022-3176" 108CVE_STATUS[CVE-2022-3176] = "cpe-stable-backport: Backported in version v5.15.65"
111 109
112# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 110# https://nvd.nist.gov/vuln/detail/CVE-2022-3424
113# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf 111# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
@@ -116,7 +114,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3176"
116# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c 114# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c
117# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 115# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106
118# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e 116# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e
119CVE_CHECK_IGNORE += "CVE-2022-3424" 117CVE_STATUS[CVE-2022-3424] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.86 and v 6.1.2"
120 118
121# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 119# https://nvd.nist.gov/vuln/detail/CVE-2022-3435
122# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 120# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82
@@ -127,18 +125,18 @@ CVE_CHECK_IGNORE += "CVE-2022-3424"
127# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 125# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32
128# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e 126# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e
129# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 127# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133
130CVE_CHECK_IGNORE += "CVE-2022-3435" 128CVE_STATUS[CVE-2022-3435] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.158 and v5.15.82"
131 129
132# https://nvd.nist.gov/vuln/detail/CVE-2022-3523 130# https://nvd.nist.gov/vuln/detail/CVE-2022-3523
133# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 131# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
134# Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33 132# Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33
135CVE_CHECK_IGNORE += "CVE-2022-3523" 133CVE_STATUS[CVE-2022-3523] = "fixed-version: Fixed in version v6.1"
136 134
137# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 135# https://nvd.nist.gov/vuln/detail/CVE-2022-3526
138# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d 136# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d
139# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 137# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442
140# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b 138# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b
141CVE_CHECK_IGNORE += "CVE-2022-3526" 139CVE_STATUS[CVE-2022-3526] = "cpe-stable-backport: Backported in version v5.15.35"
142 140
143# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 141# https://nvd.nist.gov/vuln/detail/CVE-2022-3534
144# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 142# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59
@@ -146,30 +144,30 @@ CVE_CHECK_IGNORE += "CVE-2022-3526"
146# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 144# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8
147# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b 145# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b
148# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d 146# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d
149CVE_CHECK_IGNORE += "CVE-2022-3534" 147CVE_STATUS[CVE-2022-3534] = "cpe-stable-backport: Backported in versions v5.10.163, v5.15.86 and v6.1.2"
150 148
151# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 149# https://nvd.nist.gov/vuln/detail/CVE-2022-3564
152# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 150# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060
153# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 151# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966
154# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 152# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569
155# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde 153# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde
156CVE_CHECK_IGNORE += "CVE-2022-3564" 154CVE_STATUS[CVE-2022-3564] = "cpe-stable-backport: Backported in versions v5.10.154 and v5.15.78"
157 155
158# https://nvd.nist.gov/vuln/detail/CVE-2022-3566 156# https://nvd.nist.gov/vuln/detail/CVE-2022-3566
159# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 157# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
160# Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 158# Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57
161CVE_CHECK_IGNORE += "CVE-2022-3566" 159CVE_STATUS[CVE-2022-3566] = "fixed-version: Fixed in version v6.1"
162 160
163# https://nvd.nist.gov/vuln/detail/CVE-2022-3567 161# https://nvd.nist.gov/vuln/detail/CVE-2022-3567
164# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 162# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
165# Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6 163# Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
166CVE_CHECK_IGNORE += "CVE-2022-3567" 164CVE_STATUS[CVE-2022-3567] = "fixed-version: Fixed in version v6.1"
167 165
168# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 166# https://nvd.nist.gov/vuln/detail/CVE-2022-3619
169# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 167# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528
170# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 168# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42
171# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c 169# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c
172CVE_CHECK_IGNORE += "CVE-2022-3619" 170CVE_STATUS[CVE-2022-3619] = "cpe-stable-backport: Backported in version v5.15.78"
173 171
174# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 172# https://nvd.nist.gov/vuln/detail/CVE-2022-3621
175# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 173# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184
@@ -178,7 +176,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3619"
178# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 176# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2
179# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 177# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55
180# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd 178# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd
181CVE_CHECK_IGNORE += "CVE-2022-3621" 179CVE_STATUS[CVE-2022-3621] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
182 180
183# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 181# https://nvd.nist.gov/vuln/detail/CVE-2022-3623
184# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 182# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8
@@ -187,12 +185,12 @@ CVE_CHECK_IGNORE += "CVE-2022-3621"
187# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 185# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850
188# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff 186# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff
189# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 187# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54
190CVE_CHECK_IGNORE += "CVE-2022-3623" 188CVE_STATUS[CVE-2022-3623] = "cpe-stable-backport: Backported in versions v5.4.228, v5.10.159, v5.15.78 and v 5.19.17"
191 189
192# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 190# https://nvd.nist.gov/vuln/detail/CVE-2022-3624
193# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e 191# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e
194# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 192# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971
195CVE_CHECK_IGNORE += "CVE-2022-3624" 193CVE_STATUS[CVE-2022-3624] = "fixed-version: Fixed in version v6.0"
196 194
197# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 195# https://nvd.nist.gov/vuln/detail/CVE-2022-3625
198# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 196# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0
@@ -201,7 +199,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3624"
201# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 199# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33
202# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 200# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301
203# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 201# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9
204CVE_CHECK_IGNORE += "CVE-2022-3625" 202CVE_STATUS[CVE-2022-3625] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
205 203
206# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 204# https://nvd.nist.gov/vuln/detail/CVE-2022-3629
207# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 205# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238
@@ -210,13 +208,13 @@ CVE_CHECK_IGNORE += "CVE-2022-3625"
210# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 208# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50
211# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 209# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795
212# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 210# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72
213CVE_CHECK_IGNORE += "CVE-2022-3629" 211CVE_STATUS[CVE-2022-3629] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
214 212
215# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 213# https://nvd.nist.gov/vuln/detail/CVE-2022-3630
216# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da 214# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da
217# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 215# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1
218# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b 216# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b
219CVE_CHECK_IGNORE += "CVE-2022-3630" 217CVE_STATUS[CVE-2022-3630] = "cpe-stable-backport: Backported in version v5.19.4"
220 218
221# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 219# https://nvd.nist.gov/vuln/detail/CVE-2022-3633
222# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c 220# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c
@@ -225,7 +223,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3630"
225# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 223# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027
226# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 224# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2
227# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de 225# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de
228CVE_CHECK_IGNORE += "CVE-2022-3633" 226CVE_STATUS[CVE-2022-3633] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
229 227
230# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 228# https://nvd.nist.gov/vuln/detail/CVE-2022-3635
231# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 229# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -234,12 +232,12 @@ CVE_CHECK_IGNORE += "CVE-2022-3633"
234# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e 232# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e
235# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 233# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4
236# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 234# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835
237CVE_CHECK_IGNORE += "CVE-2022-3635" 235CVE_STATUS[CVE-2022-3635] = "cpe-stable-backport: Backported in versions v5.4.211, v5.10.138, v5.15.63 and v5.19.4"
238 236
239# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 237# https://nvd.nist.gov/vuln/detail/CVE-2022-3636
240# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 238# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7
241# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 239# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6
242CVE_CHECK_IGNORE += "CVE-2022-3636" 240CVE_STATUS[CVE-2022-3636] = "cpe-stable-backport: Backported in version v5.19"
243 241
244# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 242# https://nvd.nist.gov/vuln/detail/CVE-2022-3640
245# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 243# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0
@@ -250,7 +248,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3636"
250# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab 248# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab
251# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd 249# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd
252# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a 250# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a
253CVE_CHECK_IGNORE += "CVE-2022-3640" 251CVE_STATUS[CVE-2022-3640] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
254 252
255# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 253# https://nvd.nist.gov/vuln/detail/CVE-2022-3646
256# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 254# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453
@@ -259,7 +257,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3640"
259# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee 257# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee
260# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc 258# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc
261# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 259# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570
262CVE_CHECK_IGNORE += "CVE-2022-3646" 260CVE_STATUS[CVE-2022-3646] = "cpe-stable-backport: Backported in versions v5.4.218, v5.10.148, v5.15.74 and v5.19.16"
263 261
264# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 262# https://nvd.nist.gov/vuln/detail/CVE-2022-3649
265# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 263# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -268,7 +266,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3646"
268# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 266# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652
269# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 267# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006
270# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 268# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4
271CVE_CHECK_IGNORE += "CVE-2022-3649" 269CVE_STATUS[CVE-2022-3649] = "cpe-stable-backport: Backported in versions v5.4.220, v5.10.148, v5.15.74 and v5.19.16"
272 270
273# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 271# https://nvd.nist.gov/vuln/detail/CVE-2022-4382
274# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 272# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191
@@ -277,7 +275,7 @@ CVE_CHECK_IGNORE += "CVE-2022-3649"
277# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 275# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4
278# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 276# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9
279# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 277# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3
280CVE_CHECK_IGNORE += "CVE-2022-4382" 278CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in versions v5.4.230, v5.10.165, v5.15.90 and v6.1.8"
281 279
282# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 280# https://nvd.nist.gov/vuln/detail/CVE-2022-26365
283# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 281# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -285,7 +283,7 @@ CVE_CHECK_IGNORE += "CVE-2022-4382"
285# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 283# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506
286# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 284# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1
287# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 285# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9
288CVE_CHECK_IGNORE += "CVE-2022-26365" 286CVE_STATUS[CVE-2022-26365] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
289 287
290# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 288# https://nvd.nist.gov/vuln/detail/CVE-2022-33740
291# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 289# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -293,7 +291,7 @@ CVE_CHECK_IGNORE += "CVE-2022-26365"
293# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 291# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14
294# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 292# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404
295# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 293# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961
296CVE_CHECK_IGNORE += "CVE-2022-33740" 294CVE_STATUS[CVE-2022-33740] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
297 295
298# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 296# https://nvd.nist.gov/vuln/detail/CVE-2022-33741
299# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 297# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -301,7 +299,7 @@ CVE_CHECK_IGNORE += "CVE-2022-33740"
301# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd 299# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd
302# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca 300# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca
303# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 301# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49
304CVE_CHECK_IGNORE += "CVE-2022-33741" 302CVE_STATUS[CVE-2022-33741] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
305 303
306# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 304# https://nvd.nist.gov/vuln/detail/CVE-2022-33742
307# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 305# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -309,15 +307,15 @@ CVE_CHECK_IGNORE += "CVE-2022-33741"
309# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 307# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997
310# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 308# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6
311# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 309# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3
312CVE_CHECK_IGNORE += "CVE-2022-33742" 310CVE_STATUS[CVE-2022-33742] = "cpe-stable-backport: Backported in versions v5.4.204, v5.10.129 and v5.15.53"
313 311
314# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 312# https://nvd.nist.gov/vuln/detail/CVE-2022-42895
315# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 313# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
316# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e 314# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e
317# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
318# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
319# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 315# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89
320CVE_CHECK_IGNORE += "CVE-2022-42895" 316# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7
317# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422
318CVE_STATUS[CVE-2022-42895] = "cpe-stable-backport: Backported in versions v5.4.224, v5.10.154 and v5.15.78"
321 319
322# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 320# https://nvd.nist.gov/vuln/detail/CVE-2022-42896
323# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 321# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
@@ -325,7 +323,7 @@ CVE_CHECK_IGNORE += "CVE-2022-42895"
325# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b 323# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b
326# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 324# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476
327# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a 325# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a
328CVE_CHECK_IGNORE += "CVE-2022-42896" 326CVE_STATUS[CVE-2022-42896] = "cpe-stable-backport: Backported in versions v5.4.226, v5.10.154 and v5.15.78"
329 327
330# https://nvd.nist.gov/vuln/detail/CVE-2022-38457 328# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
331# https://nvd.nist.gov/vuln/detail/CVE-2022-40133 329# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
@@ -337,10 +335,11 @@ CVE_CHECK_IGNORE += "CVE-2022-42896"
337# * https://www.linuxkernelcves.com/cves/CVE-2022-38457 335# * https://www.linuxkernelcves.com/cves/CVE-2022-38457
338# * https://www.linuxkernelcves.com/cves/CVE-2022-40133 336# * https://www.linuxkernelcves.com/cves/CVE-2022-40133
339# * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/ 337# * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/
340CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133" 338CVE_STATUS[CVE-2022-38457] = "cpe-stable-backport: Backported in version v6.1.7"
339CVE_STATUS[CVE-2022-40133] = "cpe-stable-backport: Backported in version v6.1.7"
341 340
342# Backported to 6.1.33 341# Backported to 6.1.33
343CVE_CHECK_IGNORE += "CVE-2022-48425" 342CVE_STATUS[CVE-2022-48425] = "cpe-stable-backport: Backported in version v6.1.33"
344 343
345# 2023 344# 2023
346 345
@@ -349,14 +348,14 @@ CVE_CHECK_IGNORE += "CVE-2022-48425"
349# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa 348# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa
350# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 349# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3
351# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 350# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3
352CVE_CHECK_IGNORE += "CVE-2023-0179" 351CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in versions v5.10.164, v5.15.89 and v6.1.7"
353 352
354# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 353# https://nvd.nist.gov/vuln/detail/CVE-2023-0266
355# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 354# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
356# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e 355# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e
357# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c 356# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c
358# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 357# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1
359CVE_CHECK_IGNORE += "CVE-2023-0266" 358CVE_STATUS[CVE-2023-0266] = "cpe-stable-backport: Backported in versions v5.15.88 and v6.1.6"
360 359
361# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 360# https://nvd.nist.gov/vuln/detail/CVE-2023-0394
362# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 361# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251
@@ -365,14 +364,14 @@ CVE_CHECK_IGNORE += "CVE-2023-0266"
365# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 364# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5
366# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf 365# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf
367# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 366# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4
368CVE_CHECK_IGNORE += "CVE-2023-0394" 367CVE_STATUS[CVE-2023-0394] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.164, v5.15.89 and v6.1.7"
369 368
370# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 369# https://nvd.nist.gov/vuln/detail/CVE-2023-0386
371# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 370# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203
372# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 371# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3
373# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
374# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e 372# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e
375CVE_CHECK_IGNORE += "CVE-2023-0386" 373# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81
374CVE_STATUS[CVE-2023-0386] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
376 375
377# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 376# https://nvd.nist.gov/vuln/detail/CVE-2023-0461
378# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578 377# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578
@@ -381,7 +380,7 @@ CVE_CHECK_IGNORE += "CVE-2023-0386"
381# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 380# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0
382# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 381# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6
383# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c 382# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c
384CVE_CHECK_IGNORE += "CVE-2023-0461" 383CVE_STATUS[CVE-2023-0461] = "cpe-stable-backport: Backported in versions v5.4.229, v5.10.163, v5.15.88 and v6.1.5"
385 384
386# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 385# https://nvd.nist.gov/vuln/detail/CVE-2023-1073
387# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5 386# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
@@ -389,20 +388,20 @@ CVE_CHECK_IGNORE += "CVE-2023-0461"
389# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 388# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58
390# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 389# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64
391# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d 390# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d
392CVE_CHECK_IGNORE += "CVE-2023-1073" 391CVE_STATUS[CVE-2023-1073] = "cpe-stable-backport: Backported in versions v5.10.166, v5.15.91 and v6.1.9"
393 392
394# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 393# https://nvd.nist.gov/vuln/detail/CVE-2023-1074
395# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f 394# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f
396# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 395# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32
397# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 396# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
398CVE_CHECK_IGNORE += "CVE-2023-1074" 397CVE_STATUS[CVE-2023-1074] = "cpe-stable-backport: Backported in versions v5.15.91 andv6.1.9"
399 398
400# https://nvd.nist.gov/vuln/detail/CVE-2023-1075 399# https://nvd.nist.gov/vuln/detail/CVE-2023-1075
401# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221 400# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
402# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb 401# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
403# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50 402# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
404# 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch 403# 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch
405CVE_CHECK_IGNORE += "CVE-2023-1075" 404CVE_STATUS[CVE-2023-1075] = "cpe-stable-backport: Backported in version v6.1.11"
406 405
407# https://nvd.nist.gov/vuln/detail/CVE-2023-1076 406# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
408# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a 407# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
@@ -411,19 +410,19 @@ CVE_CHECK_IGNORE += "CVE-2023-1075"
411# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427 410# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
412# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44 411# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
413# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6 412# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6
414CVE_CHECK_IGNORE += "CVE-2023-1076" 413CVE_STATUS[CVE-2023-1076] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
415 414
416# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 415# https://nvd.nist.gov/vuln/detail/CVE-2023-1077
417# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 416# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
418# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 417# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
419# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 418# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3
420CVE_CHECK_IGNORE += "CVE-2023-1077" 419CVE_STATUS[CVE-2023-1077] = "cpe-stable-backport: Backported in versions v5.15.99 and v6.1.16"
421 420
422# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 421# https://nvd.nist.gov/vuln/detail/CVE-2023-1078
423# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d 422# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d
424# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba 423# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba
425# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 424# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3
426CVE_CHECK_IGNORE += "CVE-2023-1078" 425CVE_STATUS[CVE-2023-1078] = "cpe-stable-backport: Backported in versions v5.15.94 and v6.1.12"
427 426
428# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 427# https://nvd.nist.gov/vuln/detail/CVE-2023-1079
429# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df 428# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df
@@ -432,7 +431,7 @@ CVE_CHECK_IGNORE += "CVE-2023-1078"
432# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 431# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138
433# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e 432# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e
434# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 433# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540
435CVE_CHECK_IGNORE += "CVE-2023-1079" 434CVE_STATUS[CVE-2023-1079] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
436 435
437# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 436# https://nvd.nist.gov/vuln/detail/CVE-2023-1118
438# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6 437# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6
@@ -442,7 +441,7 @@ CVE_CHECK_IGNORE += "CVE-2023-1079"
442# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 441# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28
443# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a 442# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a
444# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 443# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555
445CVE_CHECK_IGNORE += "CVE-2023-1118" 444CVE_STATUS[CVE-2023-1118] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.99, v6.1.16 and v6.2.3"
446 445
447# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 446# https://nvd.nist.gov/vuln/detail/CVE-2023-1281
448# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6 447# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6
@@ -450,7 +449,7 @@ CVE_CHECK_IGNORE += "CVE-2023-1118"
450# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 449# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4
451# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da 450# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da
452# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f 451# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f
453CVE_CHECK_IGNORE += "CVE-2023-1281" 452CVE_STATUS[CVE-2023-1281] = "cpe-stable-backport: Backported in versions v5.10.169, v5.15.95 and v6.1.13"
454 453
455# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 454# https://nvd.nist.gov/vuln/detail/CVE-2023-1513
456# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 455# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952
@@ -458,7 +457,7 @@ CVE_CHECK_IGNORE += "CVE-2023-1281"
458# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 457# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107
459# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 458# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8
460# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb 459# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
461CVE_CHECK_IGNORE += "CVE-2023-1513" 460CVE_STATUS[CVE-2023-1513] = "cpe-stable-backport: Backported in versions v5.4.232, v5.10.169, v5.15.95 and v6.1.13"
462 461
463# https://nvd.nist.gov/vuln/detail/CVE-2023-1652 462# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
464# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd 463# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
@@ -466,7 +465,7 @@ CVE_CHECK_IGNORE += "CVE-2023-1513"
466# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560 465# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
467# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652 466# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
468# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652 467# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
469CVE_CHECK_IGNORE += "CVE-2023-1652" 468CVE_STATUS[CVE-2023-1652] = "cpe-stable-backport: Backported in versions v5.15.91 and v6.1.9"
470 469
471# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 470# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
472# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 471# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
@@ -477,178 +476,130 @@ CVE_CHECK_IGNORE += "CVE-2023-1652"
477# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd 476# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
478# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829 477# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
479# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829 478# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
480CVE_CHECK_IGNORE += "CVE-2023-1829" 479CVE_STATUS[CVE-2023-1829] = "cpe-stable-backport: Backported in versions v5.4.235, v5.10.173, v5.15.100, v6.1.18 and v6.2.5"
480
481# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
482# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
483# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
484# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
485# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
486# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
487CVE_STATUS[CVE-2023-28466] = "cpe-stable-backport: Backported in versions v5.15.05, v6.1.20 and v6.2.7"
481 488
482# https://www.linuxkernelcves.com/cves/CVE-2023-0459
483# Fixed in 6.1.14 onwards
484CVE_CHECK_IGNORE += "CVE-2023-0459"
485 489
486# https://www.linuxkernelcves.com/cves/CVE-2023-0615 490# https://www.linuxkernelcves.com/cves/CVE-2023-0615
487# Fixed in 6.1 onwards 491# Fixed in 6.1 onwards
488CVE_CHECK_IGNORE += "CVE-2023-0615" 492CVE_STATUS[CVE-2023-0615] = "fixed-version: Fixed in version v6.1 onwards"
489 493
490# https://www.linuxkernelcves.com/cves/CVE-2023-1380 494# https://www.linuxkernelcves.com/cves/CVE-2023-28328
491# Fixed in 6.1.27 495# Fixed with 6.1.2
492CVE_CHECK_IGNORE += "CVE-2023-1380" 496CVE_STATUS[CVE-2023-28328] = "fixed-version: Fixed in version v6.1.2"
493
494# https://www.linuxkernelcves.com/cves/CVE-2023-1611
495# Fixed in 6.1.23
496CVE_CHECK_IGNORE += "CVE-2023-1611"
497 497
498# https://www.linuxkernelcves.com/cves/CVE-2023-1855 498# https://www.linuxkernelcves.com/cves/CVE-2023-2162
499# Fixed in 6.1.21 499# Fixed in 6.1.11
500CVE_CHECK_IGNORE += "CVE-2023-1855" 500CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed in version v6.1.11"
501 501
502# https://www.linuxkernelcves.com/cves/CVE-2023-1859 502# https://www.linuxkernelcves.com/cves/CVE-2023-0459
503# Fixed in 6.1.25 503# Fixed in 6.1.14 onwards
504CVE_CHECK_IGNORE += "CVE-2023-1859" 504CVE_STATUS[CVE-2023-0459] = "fixed-version: Fixed in version v6.1.14"
505 505
506# https://www.linuxkernelcves.com/cves/CVE-2023-1989 506# https://www.linuxkernelcves.com/cves/CVE-2023-1999
507# Fixed in 6.1.22 507# https://www.linuxkernelcves.com/cves/CVE-2023-2985
508CVE_CHECK_IGNORE += "CVE-2023-1989" 508# Fixed in 6.1.16
509CVE_STATUS[CVE-2023-1998] = "fixed-version: Fixed in version v6.1.16"
510CVE_STATUS[CVE-2023-2985] = "fixed-version: Fixed in version v6.1.16"
509 511
512# https://www.linuxkernelcves.com/cves/CVE-2023-1855
510# https://www.linuxkernelcves.com/cves/CVE-2023-1990 513# https://www.linuxkernelcves.com/cves/CVE-2023-1990
514# https://www.linuxkernelcves.com/cves/CVE-2023-2235
515# https://www.linuxkernelcves.com/cves/CVE-2023-30456
511# Fixed in 6.1.21 516# Fixed in 6.1.21
512CVE_CHECK_IGNORE += "CVE-2023-1990" 517CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6121"
518CVE_STATUS_KERNEL_6121 = "CVE-2023-1855 CVE-2023-1990 CVE-2023-2235 CVE-2023-30456"
519CVE_STATUS_KERNEL_6121[status] = "fixed-version: Fixed in version v6.1.21"
513 520
514# https://www.linuxkernelcves.com/cves/CVE-2023-1999 521# https://www.linuxkernelcves.com/cves/CVE-2023-1989
515# Fixed in 6.1.16 522# https://www.linuxkernelcves.com/cves/CVE-2023-2194
516CVE_CHECK_IGNORE += "CVE-2023-1998" 523# https://www.linuxkernelcves.com/cves/CVE-2023-28866
524# https://www.linuxkernelcves.com/cves/CVE-2023-30772
525# https://www.linuxkernelcves.com/cves/CVE-2023-33203
526# https://www.linuxkernelcves.com/cves/CVE-2023-33288
527# Fixed with 6.1.22
528CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6122"
529CVE_STATUS_KERNEL_6122 = "CVE-2023-2194 CVE-2023-1989 CVE-2023-28866 CVE-2023-30772 CVE-2023-33203 CVE-2023-33288"
530CVE_STATUS_KERNEL_6122[status] = "fixed-version: Fixed in version v6.1.22"
517 531
518# https://www.linuxkernelcves.com/cves/CVE-2023-2002 532# https://www.linuxkernelcves.com/cves/CVE-2023-1611
519# Fixed in 6.1.27 533# Fixed in 6.1.23
520CVE_CHECK_IGNORE += "CVE-2023-2002" 534CVE_STATUS[CVE-2023-1611] = "fixed-version: Fixed in version v6.1.23"
521 535
522# Backported to 6.1.33 536# https://www.linuxkernelcves.com/cves/CVE-2023-1859
523CVE_CHECK_IGNORE += "CVE-2023-2124" 537# Fixed in 6.1.25
538CVE_STATUS[CVE-2023-1859] = "fixed-version: Fixed in version v6.1.25"
524 539
525# https://www.linuxkernelcves.com/cves/CVE-2023-2156 540# https://www.linuxkernelcves.com/cves/CVE-2023-2156
541# https://www.linuxkernelcves.com/cves/CVE-2023-31436
526# Fixed in 6.1.26 542# Fixed in 6.1.26
527CVE_CHECK_IGNORE += "CVE-2023-2156" 543CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed in version v6.1.26"
528 544CVE_STATUS[CVE-2023-31436] = "fixed-version: Fixed in version v6.1.26"
529# https://www.linuxkernelcves.com/cves/CVE-2023-2162
530# Fixed in 6.1.11
531CVE_CHECK_IGNORE += "CVE-2023-2162"
532
533# https://www.linuxkernelcves.com/cves/CVE-2023-2194
534# Fixed with 6.1.22
535CVE_CHECK_IGNORE += "CVE-2023-2194"
536 545
537# https://www.linuxkernelcves.com/cves/CVE-2023-2235 546# https://www.linuxkernelcves.com/cves/CVE-2023-1380
538# Fixed with 6.1.21 547# https://www.linuxkernelcves.com/cves/CVE-2023-2002
539CVE_CHECK_IGNORE += "CVE-2023-2235" 548# Fixed in 6.1.27
549CVE_STATUS[CVE-2023-1380] = "fixed-version: Fixed in version v6.1.27"
550CVE_STATUS[CVE-2023-2002] = "fixed-version: Fixed in version v6.1.27"
540 551
541# https://www.linuxkernelcves.com/cves/CVE-2023-2985 552# https://www.linuxkernelcves.com/cves/CVE-2023-32233
542# Fixed in 6.1.16 553# Fixed with 6.1.28
543CVE_CHECK_IGNORE += "CVE-2023-2985" 554CVE_STATUS[CVE-2023-32233] = "fixed-version: Fixed in version v6.1.28"
544 555
545# Backported to 6.1.30 556# https://www.linuxkernelcves.com/cves/CVE-2023-34256
546CVE_CHECK_IGNORE += "CVE-2023-3090" 557# Fixed in 6.1.29
558CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed in version v6.1.29"
547 559
548# Backported to 6.1.35
549CVE_CHECK_IGNORE += "CVE-2023-3117"
550 560
551# Backported to 6.1.30 as 9a342d4 561# Backported to 6.1.9
552CVE_CHECK_IGNORE += "CVE-2023-3141" 562CVE_STATUS[CVE-2023-3358] = "cpe-stable-backport: Backported in version v6.1.9"
553 563
554# Backported to 6.1.11 564# Backported to 6.1.11
555CVE_CHECK_IGNORE += "CVE-2023-3161" 565CVE_STATUS[CVE-2023-3359] = "cpe-stable-backport: Backported in version v6.1.11"
556 566CVE_STATUS[CVE-2023-3161] = "cpe-stable-backport: Backported in version v6.1.11"
557# Backported to 6.1.33
558CVE_CHECK_IGNORE += "CVE-2023-3212"
559
560# Only in 6.2.0 to 6.2.14, and 6.3.0 to 6.3.1
561CVE_CHECK_IGNORE += "CVE-2023-3312"
562 567
563# Backported to 6.1.16 568# Backported to 6.1.16
564CVE_CHECK_IGNORE += "CVE-2023-3220" 569CVE_STATUS[CVE-2023-3220] = "cpe-stable-backport: Backported in version v6.1.16"
565 570
566# Backported to 6.1.28 571# Backported to 6.1.28
567CVE_CHECK_IGNORE += "CVE-2023-3268" 572CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6128"
573CVE_STATUS_KERNEL_6128 = "CVE-2023-3268 CVE-2023-35823 CVE-2023-35824 CVE-2023-35826 CVE-2023-35828 CVE-2023-35829"
574CVE_STATUS_KERNEL_6122[status] = "cpe-stable-backport: Backported in version v6.1.28"
568 575
569# Backported to 6.1.9 576# Backported to 6.1.30
570CVE_CHECK_IGNORE += "CVE-2023-3358" 577# Backported to 6.1.30 as 9a342d4
578CVE_STATUS[CVE-2023-3090] = "cpe-stable-backport: Backported in version v6.1.30"
579CVE_STATUS[CVE-2023-3141] = "cpe-stable-backport: Backported in version v6.1.30 as 9a342d4"
571 580
572# Backported to 6.1.11 581# Backported to 6.1.33
573CVE_CHECK_IGNORE += "CVE-2023-3359" 582CVE_STATUS_GROUPS += "CVE_STATUS_KERNEL_6133"
583CVE_STATUS_KERNEL_6133 = "CVE-2023-2124 CVE-2023-3212 CVE-2023-35788"
584CVE_STATUS_KERNEL_6133[status] = "cpe-stable-backport: Backported in version v6.1.33"
585
586# Backported to 6.1.35
587CVE_STATUS[CVE-2023-3117] = "cpe-stable-backport: Backported in version v6.1.35"
588CVE_STATUS[CVE-2023-3390] = "cpe-stable-backport: Backported in version v6.1.35"
574 589
575# Backported to 6.1.36 590# Backported to 6.1.36
576CVE_CHECK_IGNORE += "CVE-2023-3389" 591CVE_STATUS[CVE-2023-3389] = "cpe-stable-backport: Backported in version v6.1.36"
592
593# Only in 6.2.0 to 6.2.14, and 6.3.0 to 6.3.1
594CVE_STATUS[CVE-2023-3312] = "not-applicable-config: Only in versions v6.2.0 to v6.2.4 and v6.3.0 to v6.3.1"
577 595
578# Backported to 6.1.35
579CVE_CHECK_IGNORE += "CVE-2023-3390"
580 596
581# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 597# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
582# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b 598# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
583# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee 599# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
584# But, the CVE is disputed: 600# But, the CVE is disputed:
585# > NOTE: this is disputed by third parties because there are no realistic cases 601CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \
586# > in which a user can cause the alloc_memory_type error case to be reached. 602in which a user can cause the alloc_memory_type error case to be reached. \
587# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 603See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2"
588# We can safely ignore it.
589CVE_CHECK_IGNORE += "CVE-2023-23005"
590
591# https://www.linuxkernelcves.com/cves/CVE-2023-28328
592# Fixed with 6.1.2
593CVE_CHECK_IGNORE += "CVE-2023-28328"
594
595# Only in 6.3-rc
596CVE_CHECK_IGNORE += "CVE-2023-28464"
597
598# https://nvd.nist.gov/vuln/detail/CVE-2023-28466
599# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
600# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
601# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa
602# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123
603# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce
604CVE_CHECK_IGNORE += "CVE-2023-28466"
605 604
606# https://www.linuxkernelcves.com/cves/CVE-2023-28866 605CVE_STATUS[CVE-2023-28464] = "not-applicable-config: Only in 6.3-rc"
607# Fixed with 6.1.22
608CVE_CHECK_IGNORE += "CVE-2023-28866"
609
610# https://www.linuxkernelcves.com/cves/CVE-2023-30456
611# Fixed with 6.1.21
612CVE_CHECK_IGNORE += "CVE-2023-30456"
613
614# https://www.linuxkernelcves.com/cves/CVE-2023-30772
615# Fixed with 6.1.22
616CVE_CHECK_IGNORE += "CVE-2023-30772"
617
618# https://www.linuxkernelcves.com/cves/CVE-2023-31436
619# Fixed with 6.1.26
620CVE_CHECK_IGNORE += "CVE-2023-31436"
621
622# https://www.linuxkernelcves.com/cves/CVE-2023-32233
623# Fixed with 6.1.28
624CVE_CHECK_IGNORE += "CVE-2023-32233"
625
626# https://www.linuxkernelcves.com/cves/CVE-2023-33203
627# Fixed with 6.1.22
628CVE_CHECK_IGNORE += "CVE-2023-33203"
629
630# https://www.linuxkernelcves.com/cves/CVE-2023-33288
631# Fixed with 6.1.22
632CVE_CHECK_IGNORE += "CVE-2023-33288"
633
634# https://www.linuxkernelcves.com/cves/CVE-2023-34256
635# Fixed in 6.1.29
636CVE_CHECK_IGNORE += "CVE-2023-34256"
637
638# Backported to 6.1.28
639CVE_CHECK_IGNORE += "CVE-2023-35823"
640
641# Backported to 6.1.28
642CVE_CHECK_IGNORE += "CVE-2023-35824"
643
644# Backported to 6.1.28
645CVE_CHECK_IGNORE += "CVE-2023-35826"
646
647# Backported to 6.1.28
648CVE_CHECK_IGNORE += "CVE-2023-35828"
649
650# Backported to 6.1.28
651CVE_CHECK_IGNORE += "CVE-2023-35829"
652
653# Backported to 6.1.33
654CVE_CHECK_IGNORE += "CVE-2023-35788"
diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.40.bb b/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
index 0ef4b82d1c..293bf2858d 100644
--- a/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
+++ b/meta/recipes-multimedia/libpng/libpng_1.6.40.bb
@@ -32,5 +32,4 @@ FILES:${PN}-tools = "${bindir}/png-fix-itxt ${bindir}/pngfix ${bindir}/pngcp"
32 32
33BBCLASSEXTEND = "native nativesdk" 33BBCLASSEXTEND = "native nativesdk"
34 34
35# CVE-2019-17371 is actually a memory leak in gif2png 2.x 35CVE_STATUS[CVE-2019-17371] = "cpe-incorrect: A memory leak in gif2png 2.x"
36CVE_CHECK_IGNORE += "CVE-2019-17371"
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
index 5af3f84265..6171a538e5 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.5.1.bb
@@ -15,9 +15,7 @@ SRC_URI[sha256sum] = "d7f38b6788e4a8f5da7940c5ac9424f494d8a79eba53d555f4a507167d
15# exclude betas 15# exclude betas
16UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" 16UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
17 17
18# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 18CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
19# and 4.3.0 doesn't have the issue
20CVE_CHECK_IGNORE += "CVE-2015-7313"
21 19
22inherit autotools multilib_header 20inherit autotools multilib_header
23 21
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
index 58f07a116d..524b06ca22 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.2.bb
@@ -29,8 +29,8 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
29 " 29 "
30SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03" 30SRC_URI[sha256sum] = "3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03"
31 31
32# Below whitelisted CVEs are disputed and not affecting crypto libraries for any distro. 32CVE_STATUS[CVE-2018-12433] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
33CVE_CHECK_IGNORE += "CVE-2018-12433 CVE-2018-12438" 33CVE_STATUS[CVE-2018-12438] = "disputed: CVE is disputed and not affecting crypto libraries for any distro."
34 34
35BINCONFIG = "${bindir}/libgcrypt-config" 35BINCONFIG = "${bindir}/libgcrypt-config"
36 36
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94b7f..ed5b15badd 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
@@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e
19 19
20UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar" 20UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
21 21
22# We have libxml2 2.9.14 and we don't link statically with it anyway 22CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
23# so this isn't an issue.
24CVE_CHECK_IGNORE += "CVE-2022-29824"
25 23
26S = "${WORKDIR}/libxslt-${PV}" 24S = "${WORKDIR}/libxslt-${PV}"
27 25
diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb
index d2a25fd5b0..51a854d44a 100644
--- a/meta/recipes-support/lz4/lz4_1.9.4.bb
+++ b/meta/recipes-support/lz4/lz4_1.9.4.bb
@@ -21,8 +21,7 @@ S = "${WORKDIR}/git"
21 21
22inherit ptest 22inherit ptest
23 23
24# Fixed in r118, which is larger than the current version. 24CVE_STATUS[CVE-2014-4715] = "fixed-version: Fixed in r118, which is larger than the current version."
25CVE_CHECK_IGNORE += "CVE-2014-4715"
26 25
27EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" 26EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no"
28 27
diff --git a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
index f60aca63d2..8783f620f4 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.42.0.bb
@@ -6,9 +6,3 @@ LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed0
6SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz" 6SRC_URI = "http://www.sqlite.org/2023/sqlite-autoconf-${SQLITE_PV}.tar.gz"
7SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6" 7SRC_URI[sha256sum] = "7abcfd161c6e2742ca5c6c0895d1f853c940f203304a0b49da4e1eca5d088ca6"
8 8
9# -19242 is only an issue in specific development branch commits
10CVE_CHECK_IGNORE += "CVE-2019-19242"
11# This is believed to be iOS specific (https://groups.google.com/g/sqlite-dev/c/U7OjAbZO6LA)
12CVE_CHECK_IGNORE += "CVE-2015-3717"
13# Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
14CVE_CHECK_IGNORE += "CVE-2021-36690"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-02-24 14:04:09 +0000