cve-extra-exclusions: linux-yocto: ignore fixed CVE-2023-1652 & CVE-2023-1829

CVE-2023-1652 & CVE-2023-1829 are fixed by all version used by linux-yocto. Fixing commits are not referenced by NVD but are referenced by: * https://www.linuxkernelcves.com * Debian kernel-sec team ... this should be trust worthy enough. (From OE-Core rev: 8f9d6c5b0238641313387c139442566752a1d25d) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Yoann Congal <yoann.congal@smile.fr> 2023-04-23 20:04:18 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-04-27 14:41:31 +0100
commit: 8fba3022119d155ea58f7b2c3cc8a1fe0fa823a3 (patch)
tree: 2e3393784a8b08ffb481143fb7c3bd22580732ed /meta
parent: ef577b03d70663bb51bbff05ee90d609adb86a35 (diff)
download: poky-8fba3022119d155ea58f7b2c3cc8a1fe0fa823a3.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 8965a15b37..0ca75bae3e 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -494,6 +494,25 @@ CVE_CHECK_IGNORE += "CVE-2023-1281"
 # Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
 CVE_CHECK_IGNORE += "CVE-2023-1513"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
+# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
+# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
+# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
+# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
+CVE_CHECK_IGNORE += "CVE-2023-1652"
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
+# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
+# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
+# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
+# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
+# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
+# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
+# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
+# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
+CVE_CHECK_IGNORE += "CVE-2023-1829"
 # https://nvd.nist.gov/vuln/detail/CVE-2023-23005
 # Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
 # Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
author	Yoann Congal <yoann.congal@smile.fr>	2023-04-23 20:04:18 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-04-27 14:41:31 +0100
commit	8fba3022119d155ea58f7b2c3cc8a1fe0fa823a3 (patch)
tree	2e3393784a8b08ffb481143fb7c3bd22580732ed /meta
parent	ef577b03d70663bb51bbff05ee90d609adb86a35 (diff)
download	poky-8fba3022119d155ea58f7b2c3cc8a1fe0fa823a3.tar.gz

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 8965a15b37..0ca75bae3e 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -494,6 +494,25 @@ CVE_CHECK_IGNORE += "CVE-2023-1281"
494	# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb	494	# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
495	CVE_CHECK_IGNORE += "CVE-2023-1513"	495	CVE_CHECK_IGNORE += "CVE-2023-1513"
496		496
		497	# https://nvd.nist.gov/vuln/detail/CVE-2023-1652
		498	# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd
		499	# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36
		500	# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560
		501	# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652
		502	# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652
		503	CVE_CHECK_IGNORE += "CVE-2023-1652"
		504
		505	# https://nvd.nist.gov/vuln/detail/CVE-2023-1829
		506	# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28
		507	# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480
		508	# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
		509	# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19
		510	# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd
		511	# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd
		512	# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829
		513	# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829
		514	CVE_CHECK_IGNORE += "CVE-2023-1829"
		515
497	# https://nvd.nist.gov/vuln/detail/CVE-2023-23005	516	# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
498	# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b	517	# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
499	# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee	518	# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee