diff options
-rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion.inc | 10 | ||||
-rw-r--r-- | meta/recipes-kernel/linux/linux-yocto_6.1.bb | 1 | ||||
-rw-r--r-- | meta/recipes-kernel/linux/linux-yocto_6.4.bb | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc new file mode 100644 index 0000000000..42f1c195c9 --- /dev/null +++ b/meta/recipes-kernel/linux/cve-exclusion.inc | |||
@@ -0,0 +1,10 @@ | |||
1 | CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu" | ||
2 | |||
3 | CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto" | ||
4 | |||
5 | # Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b | ||
6 | # Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee | ||
7 | # But, the CVE is disputed: | ||
8 | CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \ | ||
9 | in which a user can cause the alloc_memory_type error case to be reached. \ | ||
10 | See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2" | ||
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index cf8728ca15..2f804d379d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb | |||
@@ -3,6 +3,7 @@ KBRANCH ?= "v6.1/standard/base" | |||
3 | require recipes-kernel/linux/linux-yocto.inc | 3 | require recipes-kernel/linux/linux-yocto.inc |
4 | 4 | ||
5 | # CVE exclusions | 5 | # CVE exclusions |
6 | include recipes-kernel/linux/cve-exclusion.inc | ||
6 | include recipes-kernel/linux/cve-exclusion_6.1.inc | 7 | include recipes-kernel/linux/cve-exclusion_6.1.inc |
7 | 8 | ||
8 | # board specific branches | 9 | # board specific branches |
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/meta/recipes-kernel/linux/linux-yocto_6.4.bb index 4deb7bc537..caa78b0163 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.4.bb | |||
@@ -3,6 +3,7 @@ KBRANCH ?= "v6.4/standard/base" | |||
3 | require recipes-kernel/linux/linux-yocto.inc | 3 | require recipes-kernel/linux/linux-yocto.inc |
4 | 4 | ||
5 | # CVE exclusions | 5 | # CVE exclusions |
6 | include recipes-kernel/linux/cve-exclusion.inc | ||
6 | include recipes-kernel/linux/cve-exclusion_6.4.inc | 7 | include recipes-kernel/linux/cve-exclusion_6.4.inc |
7 | 8 | ||
8 | # board specific branches | 9 | # board specific branches |