From 2a99029835fbd19d7995faedd0da6bb69b53dbf4 Mon Sep 17 00:00:00 2001 From: Bruce Ashfield Date: Wed, 3 Jan 2024 16:24:21 -0500 Subject: linux-yocto/6.1: update CVE exclusions Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 27Dec23 Date: Wed, 27 Dec 2023 19:47:13 -0500 ] (From OE-Core rev: b303a7dd260ad3f6a9e6f1b8099b86efcc8373a9) Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --- meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 42 +++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) (limited to 'meta/recipes-kernel') diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 3cf11d6daf..8d345831d3 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68 +# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70 python check_kernel_cve_status_version() { - this_version = "6.1.68" + this_version = "6.1.70" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -5108,12 +5108,22 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" +# CVE-2023-50431 has no known resolution + CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" +# CVE-2023-51779 needs backporting (fixed from 6.7rc7) + CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60" +CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69" + +CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69" + +CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69" + CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" @@ -5122,7 +5132,7 @@ CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60" -# CVE-2023-5972 needs backporting (fixed from 6.6rc7) +CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards" # CVE-2023-6039 needs backporting (fixed from 6.5rc5) @@ -5134,3 +5144,29 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" # CVE-2023-6238 has no known resolution +# CVE-2023-6356 has no known resolution + +# CVE-2023-6535 has no known resolution + +# CVE-2023-6536 has no known resolution + +CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47" + +# CVE-2023-6560 needs backporting (fixed from 6.7rc4) + +# CVE-2023-6606 needs backporting (fixed from 6.7rc7) + +# CVE-2023-6610 needs backporting (fixed from 6.7rc7) + +CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68" + +# CVE-2023-6679 needs backporting (fixed from 6.7rc6) + +CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68" + +CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68" + +CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66" + +# CVE-2023-7042 has no known resolution + -- cgit v1.2.3-54-g00ecf