linux-yocto/5.15: update CVE exclusions

Data pulled from: https://github.com/nluedtke/linux_kernel_cves 1/1 [ Author: Nicholas Luedtke Email: nicholas.luedtke@uwalumni.com Subject: Update 3Feb24 Date: Sat, 3 Feb 2024 00:42:14 -0500 ] (From OE-Core rev: b71eeab71911ab49a8e8b8d78560fdbd66f883e7) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-02-20 21:44:59 -0500
committer: Steve Sakoman <steve@sakoman.com> 2024-02-28 03:32:09 -1000
commit: 32e41c230484586e6b8e51ca1d8ec876fd787842 (patch)
tree: 55a73406d5bd440b36fbdacef6ba7cf7677eba41
parent: acc4d31297f434b62c4123814f51c470a157f7f6 (diff)
download: poky-32e41c230484586e6b8e51ca1d8ec876fd787842.tar.gz
1 files changed, 85 insertions, 6 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 0d54b414d9..d33f2b3c7f 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
+# Generated at 2024-02-06 21:02:11.546853 for version 5.15.148
 python check_kernel_cve_status_version() {
-    this_version = "5.15.147"
+    this_version = "5.15.148"
    kernel_version = d.getVar("LINUX_VERSION")
    if kernel_version != this_version:
        bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5299,6 +5299,12 @@ CVE_CHECK_IGNORE += "CVE-2021-3348"
 # fixed-version: Fixed after version 5.13rc7
 CVE_CHECK_IGNORE += "CVE-2021-33624"
+# fixed-version: Fixed after version 5.4rc1
+CVE_CHECK_IGNORE += "CVE-2021-33630"
+# cpe-stable-backport: Backported in 5.15.87
+CVE_CHECK_IGNORE += "CVE-2021-33631"
 # cpe-stable-backport: Backported in 5.15.54
 CVE_CHECK_IGNORE += "CVE-2021-33655"
@@ -6395,7 +6401,8 @@ CVE_CHECK_IGNORE += "CVE-2022-3635"
 # fixed-version: only affects 5.19 onwards
 CVE_CHECK_IGNORE += "CVE-2022-3640"
-# CVE-2022-36402 has no known resolution
+# cpe-stable-backport: Backported in 5.15.129
+CVE_CHECK_IGNORE += "CVE-2022-36402"
 # CVE-2022-3642 has no known resolution
@@ -7369,8 +7376,14 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
 CVE_CHECK_IGNORE += "CVE-2023-4623"
 # cpe-stable-backport: Backported in 5.15.137
+CVE_CHECK_IGNORE += "CVE-2023-46343"
+# cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-46813"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-46838"
 # cpe-stable-backport: Backported in 5.15.140
 CVE_CHECK_IGNORE += "CVE-2023-46862"
@@ -7385,11 +7398,17 @@ CVE_CHECK_IGNORE += "CVE-2023-4881"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-4921"
-# CVE-2023-50431 has no known resolution
+# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
 # fixed-version: only affects 6.0rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5090"
+# cpe-stable-backport: Backported in 5.15.128
+CVE_CHECK_IGNORE += "CVE-2023-51042"
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2023-51043"
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
@@ -7411,6 +7430,9 @@ CVE_CHECK_IGNORE += "CVE-2023-51782"
 # cpe-stable-backport: Backported in 5.15.134
 CVE_CHECK_IGNORE += "CVE-2023-5197"
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-52340"
 # fixed-version: only affects 6.1rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-5345"
@@ -7425,7 +7447,8 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
-# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2023-6040"
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
@@ -7436,6 +7459,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6121"
 # cpe-stable-backport: Backported in 5.15.132
 CVE_CHECK_IGNORE += "CVE-2023-6176"
+# fixed-version: only affects 6.6rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-6200"
 # CVE-2023-6238 has no known resolution
 # CVE-2023-6270 has no known resolution
@@ -7468,6 +7494,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6679"
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2023-6915"
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6931"
@@ -7487,5 +7516,55 @@ CVE_CHECK_IGNORE += "CVE-2024-0193"
 # fixed-version: only affects 6.2rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2024-0443"
-# Skipping dd=CVE-2023-1476, no affected_versions
+# cpe-stable-backport: Backported in 5.15.64
+CVE_CHECK_IGNORE += "CVE-2024-0562"
+# CVE-2024-0564 has no known resolution
+# CVE-2024-0565 needs backporting (fixed from 6.7rc6)
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2024-0582"
+# cpe-stable-backport: Backported in 5.15.142
+CVE_CHECK_IGNORE += "CVE-2024-0584"
+# cpe-stable-backport: Backported in 5.15.140
+CVE_CHECK_IGNORE += "CVE-2024-0607"
+# cpe-stable-backport: Backported in 5.15.121
+CVE_CHECK_IGNORE += "CVE-2024-0639"
+# cpe-stable-backport: Backported in 5.15.135
+CVE_CHECK_IGNORE += "CVE-2024-0641"
+# cpe-stable-backport: Backported in 5.15.147
+CVE_CHECK_IGNORE += "CVE-2024-0646"
+# cpe-stable-backport: Backported in 5.15.112
+CVE_CHECK_IGNORE += "CVE-2024-0775"
+# CVE-2024-0841 has no known resolution
+# cpe-stable-backport: Backported in 5.15.148
+CVE_CHECK_IGNORE += "CVE-2024-1085"
+# CVE-2024-1086 needs backporting (fixed from 6.8rc2)
+# CVE-2024-21803 has no known resolution
+# CVE-2024-22099 has no known resolution
+# cpe-stable-backport: Backported in 5.15.146
+CVE_CHECK_IGNORE += "CVE-2024-22705"
+# CVE-2024-23307 has no known resolution
+# CVE-2024-23848 has no known resolution
+# CVE-2024-23849 has no known resolution
+# CVE-2024-23850 has no known resolution
+# CVE-2024-23851 has no known resolution
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-02-20 21:44:59 -0500
committer	Steve Sakoman <steve@sakoman.com>	2024-02-28 03:32:09 -1000
commit	32e41c230484586e6b8e51ca1d8ec876fd787842 (patch)
tree	55a73406d5bd440b36fbdacef6ba7cf7677eba41
parent	acc4d31297f434b62c4123814f51c470a157f7f6 (diff)
download	poky-32e41c230484586e6b8e51ca1d8ec876fd787842.tar.gz

diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc index 0d54b414d9..d33f2b3c7f 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
1		1
2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.	2	# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3	# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147	3	# Generated at 2024-02-06 21:02:11.546853 for version 5.15.148
4		4
5	python check_kernel_cve_status_version() {	5	python check_kernel_cve_status_version() {
6	this_version = "5.15.147"	6	this_version = "5.15.148"
7	kernel_version = d.getVar("LINUX_VERSION")	7	kernel_version = d.getVar("LINUX_VERSION")
8	if kernel_version != this_version:	8	if kernel_version != this_version:
9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))	9	bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5299,6 +5299,12 @@ CVE_CHECK_IGNORE += "CVE-2021-3348"
5299	# fixed-version: Fixed after version 5.13rc7	5299	# fixed-version: Fixed after version 5.13rc7
5300	CVE_CHECK_IGNORE += "CVE-2021-33624"	5300	CVE_CHECK_IGNORE += "CVE-2021-33624"
5301		5301
		5302	# fixed-version: Fixed after version 5.4rc1
		5303	CVE_CHECK_IGNORE += "CVE-2021-33630"
		5304
		5305	# cpe-stable-backport: Backported in 5.15.87
		5306	CVE_CHECK_IGNORE += "CVE-2021-33631"
		5307
5302	# cpe-stable-backport: Backported in 5.15.54	5308	# cpe-stable-backport: Backported in 5.15.54
5303	CVE_CHECK_IGNORE += "CVE-2021-33655"	5309	CVE_CHECK_IGNORE += "CVE-2021-33655"
5304		5310
@@ -6395,7 +6401,8 @@ CVE_CHECK_IGNORE += "CVE-2022-3635"
6395	# fixed-version: only affects 5.19 onwards	6401	# fixed-version: only affects 5.19 onwards
6396	CVE_CHECK_IGNORE += "CVE-2022-3640"	6402	CVE_CHECK_IGNORE += "CVE-2022-3640"
6397		6403
6398	# CVE-2022-36402 has no known resolution	6404	# cpe-stable-backport: Backported in 5.15.129
		6405	CVE_CHECK_IGNORE += "CVE-2022-36402"
6399		6406
6400	# CVE-2022-3642 has no known resolution	6407	# CVE-2022-3642 has no known resolution
6401		6408
@@ -7369,8 +7376,14 @@ CVE_CHECK_IGNORE += "CVE-2023-4611"
7369	CVE_CHECK_IGNORE += "CVE-2023-4623"	7376	CVE_CHECK_IGNORE += "CVE-2023-4623"
7370		7377
7371	# cpe-stable-backport: Backported in 5.15.137	7378	# cpe-stable-backport: Backported in 5.15.137
		7379	CVE_CHECK_IGNORE += "CVE-2023-46343"
		7380
		7381	# cpe-stable-backport: Backported in 5.15.137
7372	CVE_CHECK_IGNORE += "CVE-2023-46813"	7382	CVE_CHECK_IGNORE += "CVE-2023-46813"
7373		7383
		7384	# cpe-stable-backport: Backported in 5.15.148
		7385	CVE_CHECK_IGNORE += "CVE-2023-46838"
		7386
7374	# cpe-stable-backport: Backported in 5.15.140	7387	# cpe-stable-backport: Backported in 5.15.140
7375	CVE_CHECK_IGNORE += "CVE-2023-46862"	7388	CVE_CHECK_IGNORE += "CVE-2023-46862"
7376		7389
@@ -7385,11 +7398,17 @@ CVE_CHECK_IGNORE += "CVE-2023-4881"
7385	# cpe-stable-backport: Backported in 5.15.132	7398	# cpe-stable-backport: Backported in 5.15.132
7386	CVE_CHECK_IGNORE += "CVE-2023-4921"	7399	CVE_CHECK_IGNORE += "CVE-2023-4921"
7387		7400
7388	# CVE-2023-50431 has no known resolution	7401	# CVE-2023-50431 needs backporting (fixed from 6.8rc1)
7389		7402
7390	# fixed-version: only affects 6.0rc1 onwards	7403	# fixed-version: only affects 6.0rc1 onwards
7391	CVE_CHECK_IGNORE += "CVE-2023-5090"	7404	CVE_CHECK_IGNORE += "CVE-2023-5090"
7392		7405
		7406	# cpe-stable-backport: Backported in 5.15.128
		7407	CVE_CHECK_IGNORE += "CVE-2023-51042"
		7408
		7409	# cpe-stable-backport: Backported in 5.15.121
		7410	CVE_CHECK_IGNORE += "CVE-2023-51043"
		7411
7393	# cpe-stable-backport: Backported in 5.15.135	7412	# cpe-stable-backport: Backported in 5.15.135
7394	CVE_CHECK_IGNORE += "CVE-2023-5158"	7413	CVE_CHECK_IGNORE += "CVE-2023-5158"
7395		7414
@@ -7411,6 +7430,9 @@ CVE_CHECK_IGNORE += "CVE-2023-51782"
7411	# cpe-stable-backport: Backported in 5.15.134	7430	# cpe-stable-backport: Backported in 5.15.134
7412	CVE_CHECK_IGNORE += "CVE-2023-5197"	7431	CVE_CHECK_IGNORE += "CVE-2023-5197"
7413		7432
		7433	# cpe-stable-backport: Backported in 5.15.147
		7434	CVE_CHECK_IGNORE += "CVE-2023-52340"
		7435
7414	# fixed-version: only affects 6.1rc1 onwards	7436	# fixed-version: only affects 6.1rc1 onwards
7415	CVE_CHECK_IGNORE += "CVE-2023-5345"	7437	CVE_CHECK_IGNORE += "CVE-2023-5345"
7416		7438
@@ -7425,7 +7447,8 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
7425		7447
7426	# CVE-2023-6039 needs backporting (fixed from 6.5rc5)	7448	# CVE-2023-6039 needs backporting (fixed from 6.5rc5)
7427		7449
7428	# CVE-2023-6040 needs backporting (fixed from 5.18rc1)	7450	# cpe-stable-backport: Backported in 5.15.147
		7451	CVE_CHECK_IGNORE += "CVE-2023-6040"
7429		7452
7430	# fixed-version: only affects 6.6rc3 onwards	7453	# fixed-version: only affects 6.6rc3 onwards
7431	CVE_CHECK_IGNORE += "CVE-2023-6111"	7454	CVE_CHECK_IGNORE += "CVE-2023-6111"
@@ -7436,6 +7459,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6121"
7436	# cpe-stable-backport: Backported in 5.15.132	7459	# cpe-stable-backport: Backported in 5.15.132
7437	CVE_CHECK_IGNORE += "CVE-2023-6176"	7460	CVE_CHECK_IGNORE += "CVE-2023-6176"
7438		7461
		7462	# fixed-version: only affects 6.6rc1 onwards
		7463	CVE_CHECK_IGNORE += "CVE-2023-6200"
		7464
7439	# CVE-2023-6238 has no known resolution	7465	# CVE-2023-6238 has no known resolution
7440		7466
7441	# CVE-2023-6270 has no known resolution	7467	# CVE-2023-6270 has no known resolution
@@ -7468,6 +7494,9 @@ CVE_CHECK_IGNORE += "CVE-2023-6679"
7468	# cpe-stable-backport: Backported in 5.15.143	7494	# cpe-stable-backport: Backported in 5.15.143
7469	CVE_CHECK_IGNORE += "CVE-2023-6817"	7495	CVE_CHECK_IGNORE += "CVE-2023-6817"
7470		7496
		7497	# cpe-stable-backport: Backported in 5.15.148
		7498	CVE_CHECK_IGNORE += "CVE-2023-6915"
		7499
7471	# cpe-stable-backport: Backported in 5.15.143	7500	# cpe-stable-backport: Backported in 5.15.143
7472	CVE_CHECK_IGNORE += "CVE-2023-6931"	7501	CVE_CHECK_IGNORE += "CVE-2023-6931"
7473		7502
@@ -7487,5 +7516,55 @@ CVE_CHECK_IGNORE += "CVE-2024-0193"
7487	# fixed-version: only affects 6.2rc1 onwards	7516	# fixed-version: only affects 6.2rc1 onwards
7488	CVE_CHECK_IGNORE += "CVE-2024-0443"	7517	CVE_CHECK_IGNORE += "CVE-2024-0443"
7489		7518
7490	# Skipping dd=CVE-2023-1476, no affected_versions	7519	# cpe-stable-backport: Backported in 5.15.64
		7520	CVE_CHECK_IGNORE += "CVE-2024-0562"
		7521
		7522	# CVE-2024-0564 has no known resolution
		7523
		7524	# CVE-2024-0565 needs backporting (fixed from 6.7rc6)
		7525
		7526	# fixed-version: only affects 6.4rc1 onwards
		7527	CVE_CHECK_IGNORE += "CVE-2024-0582"
		7528
		7529	# cpe-stable-backport: Backported in 5.15.142
		7530	CVE_CHECK_IGNORE += "CVE-2024-0584"
		7531
		7532	# cpe-stable-backport: Backported in 5.15.140
		7533	CVE_CHECK_IGNORE += "CVE-2024-0607"
		7534
		7535	# cpe-stable-backport: Backported in 5.15.121
		7536	CVE_CHECK_IGNORE += "CVE-2024-0639"
		7537
		7538	# cpe-stable-backport: Backported in 5.15.135
		7539	CVE_CHECK_IGNORE += "CVE-2024-0641"
		7540
		7541	# cpe-stable-backport: Backported in 5.15.147
		7542	CVE_CHECK_IGNORE += "CVE-2024-0646"
		7543
		7544	# cpe-stable-backport: Backported in 5.15.112
		7545	CVE_CHECK_IGNORE += "CVE-2024-0775"
		7546
		7547	# CVE-2024-0841 has no known resolution
		7548
		7549	# cpe-stable-backport: Backported in 5.15.148
		7550	CVE_CHECK_IGNORE += "CVE-2024-1085"
		7551
		7552	# CVE-2024-1086 needs backporting (fixed from 6.8rc2)
		7553
		7554	# CVE-2024-21803 has no known resolution
		7555
		7556	# CVE-2024-22099 has no known resolution
		7557
		7558	# cpe-stable-backport: Backported in 5.15.146
		7559	CVE_CHECK_IGNORE += "CVE-2024-22705"
		7560
		7561	# CVE-2024-23307 has no known resolution
		7562
		7563	# CVE-2024-23848 has no known resolution
		7564
		7565	# CVE-2024-23849 has no known resolution
		7566
		7567	# CVE-2024-23850 has no known resolution
		7568
		7569	# CVE-2024-23851 has no known resolution
7491		7570