1 files changed, 13 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 22858bc563..23242fff76 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -5,6 +5,19 @@ CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-175
                        CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \
 "
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
+# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
+# "this is being treated as a non-security bug and no real threat."
+CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
+# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
+# easier access for another. "ASLR bypass itself is not a vulnerability."
+# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
+CVE_CHECK_WHITELIST += "CVE-2019-1010025"
 DEPENDS += "gperf-native bison-native make-native"
 NATIVESDKFIXES ?= ""

diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 22858bc563..23242fff76 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -5,6 +5,19 @@ CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-175
5	CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \	5	CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \
6	"	6	"
7		7
		8	# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
		9	# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
		10	# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
		11	# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
		12	# "this is being treated as a non-security bug and no real threat."
		13	CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
		14
		15	# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
		16	# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
		17	# easier access for another. "ASLR bypass itself is not a vulnerability."
		18	# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
		19	CVE_CHECK_WHITELIST += "CVE-2019-1010025"
		20
8	DEPENDS += "gperf-native bison-native make-native"	21	DEPENDS += "gperf-native bison-native make-native"
9		22
10	NATIVESDKFIXES ?= ""	23	NATIVESDKFIXES ?= ""