summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorNiko Mauno <niko.mauno@vaisala.com>2025-05-26 09:29:26 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2025-05-29 15:14:37 +0100
commit6c8662d11e7b3702aa3794f86b76eae90240250f (patch)
tree50b955e44506601d0deb9ffe5fd494532c32c5dd /meta
parent59980007f0f7c6847fbda74822bb66ce4dda9ff5 (diff)
downloadpoky-6c8662d11e7b3702aa3794f86b76eae90240250f.tar.gz
linux: cve-exclusions: Fix false negatives
Amend the generate-cve-exclusions.py checking logic in part of the code responsible for iterating the "affected" defaultStatus part of the JSON structure in order to mitigate occurrences of false negatives in the generated output, as well as occurrences of wrong reason for negative result in case where the reason is actually that the checked kernel version is in backport fix scope. In tandem we regenerate the content of cve-exclusion_6.12.inc using https://github.com/CVEProject/cvelistV5.git repository main branch at git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content in sync with the script. (From OE-Core rev: b1a5939535d67b9c0e6d8c2729cff9749a0ebaae) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-kernel/linux/cve-exclusion_6.12.inc70
-rwxr-xr-xmeta/recipes-kernel/linux/generate-cve-exclusions.py4
2 files changed, 38 insertions, 36 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 49d8bfcf0c..c03ad19a3d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,6 +1,6 @@
1 1
2# Auto-generated CVE metadata, DO NOT EDIT BY HAND. 2# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
3# Generated at 2025-05-24 07:35:37.850677+00:00 for version 6.12.27 3# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27
4 4
5python check_kernel_cve_status_version() { 5python check_kernel_cve_status_version() {
6 this_version = "6.12.27" 6 this_version = "6.12.27"
@@ -11234,7 +11234,7 @@ CVE_STATUS[CVE-2024-57975] = "cpe-stable-backport: Backported in 6.12.13"
11234 11234
11235CVE_STATUS[CVE-2024-57977] = "cpe-stable-backport: Backported in 6.12.13" 11235CVE_STATUS[CVE-2024-57977] = "cpe-stable-backport: Backported in 6.12.13"
11236 11236
11237CVE_STATUS[CVE-2024-57978] = "fixed-version: only affects 6.13 onwards" 11237CVE_STATUS[CVE-2024-57978] = "cpe-stable-backport: Backported in 6.12.13"
11238 11238
11239CVE_STATUS[CVE-2024-57979] = "cpe-stable-backport: Backported in 6.12.13" 11239CVE_STATUS[CVE-2024-57979] = "cpe-stable-backport: Backported in 6.12.13"
11240 11240
@@ -11296,7 +11296,7 @@ CVE_STATUS[CVE-2024-58007] = "cpe-stable-backport: Backported in 6.12.14"
11296 11296
11297CVE_STATUS[CVE-2024-58008] = "cpe-stable-backport: Backported in 6.12.14" 11297CVE_STATUS[CVE-2024-58008] = "cpe-stable-backport: Backported in 6.12.14"
11298 11298
11299CVE_STATUS[CVE-2024-58009] = "fixed-version: only affects 6.13 onwards" 11299CVE_STATUS[CVE-2024-58009] = "cpe-stable-backport: Backported in 6.12.14"
11300 11300
11301CVE_STATUS[CVE-2024-58010] = "cpe-stable-backport: Backported in 6.12.14" 11301CVE_STATUS[CVE-2024-58010] = "cpe-stable-backport: Backported in 6.12.14"
11302 11302
@@ -11542,7 +11542,7 @@ CVE_STATUS[CVE-2025-21685] = "cpe-stable-backport: Backported in 6.12.11"
11542 11542
11543CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12" 11543CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12"
11544 11544
11545CVE_STATUS[CVE-2025-21688] = "fixed-version: only affects 6.13 onwards" 11545CVE_STATUS[CVE-2025-21688] = "cpe-stable-backport: Backported in 6.12.12"
11546 11546
11547CVE_STATUS[CVE-2025-21689] = "cpe-stable-backport: Backported in 6.12.12" 11547CVE_STATUS[CVE-2025-21689] = "cpe-stable-backport: Backported in 6.12.12"
11548 11548
@@ -11570,7 +11570,7 @@ CVE_STATUS[CVE-2025-21701] = "cpe-stable-backport: Backported in 6.12.13"
11570 11570
11571CVE_STATUS[CVE-2025-21702] = "cpe-stable-backport: Backported in 6.12.14" 11571CVE_STATUS[CVE-2025-21702] = "cpe-stable-backport: Backported in 6.12.14"
11572 11572
11573CVE_STATUS[CVE-2025-21703] = "fixed-version: only affects 6.13 onwards" 11573CVE_STATUS[CVE-2025-21703] = "cpe-stable-backport: Backported in 6.12.14"
11574 11574
11575CVE_STATUS[CVE-2025-21704] = "cpe-stable-backport: Backported in 6.12.16" 11575CVE_STATUS[CVE-2025-21704] = "cpe-stable-backport: Backported in 6.12.16"
11576 11576
@@ -11784,7 +11784,7 @@ CVE_STATUS[CVE-2025-21811] = "cpe-stable-backport: Backported in 6.12.13"
11784 11784
11785CVE_STATUS[CVE-2025-21812] = "cpe-stable-backport: Backported in 6.12.13" 11785CVE_STATUS[CVE-2025-21812] = "cpe-stable-backport: Backported in 6.12.13"
11786 11786
11787CVE_STATUS[CVE-2025-21813] = "fixed-version: only affects 6.13 onwards" 11787CVE_STATUS[CVE-2025-21813] = "cpe-stable-backport: Backported in 6.12.14"
11788 11788
11789CVE_STATUS[CVE-2025-21814] = "cpe-stable-backport: Backported in 6.12.14" 11789CVE_STATUS[CVE-2025-21814] = "cpe-stable-backport: Backported in 6.12.14"
11790 11790
@@ -11794,7 +11794,7 @@ CVE_STATUS[CVE-2025-21816] = "cpe-stable-backport: Backported in 6.12.14"
11794 11794
11795# CVE-2025-21817 needs backporting (fixed from 6.14) 11795# CVE-2025-21817 needs backporting (fixed from 6.14)
11796 11796
11797CVE_STATUS[CVE-2025-21819] = "fixed-version: only affects 6.13 onwards" 11797CVE_STATUS[CVE-2025-21819] = "cpe-stable-backport: Backported in 6.12.14"
11798 11798
11799CVE_STATUS[CVE-2025-21820] = "cpe-stable-backport: Backported in 6.12.14" 11799CVE_STATUS[CVE-2025-21820] = "cpe-stable-backport: Backported in 6.12.14"
11800 11800
@@ -11884,7 +11884,7 @@ CVE_STATUS[CVE-2025-21863] = "cpe-stable-backport: Backported in 6.12.17"
11884 11884
11885CVE_STATUS[CVE-2025-21864] = "cpe-stable-backport: Backported in 6.12.17" 11885CVE_STATUS[CVE-2025-21864] = "cpe-stable-backport: Backported in 6.12.17"
11886 11886
11887CVE_STATUS[CVE-2025-21865] = "fixed-version: only affects 6.13 onwards" 11887CVE_STATUS[CVE-2025-21865] = "cpe-stable-backport: Backported in 6.12.17"
11888 11888
11889CVE_STATUS[CVE-2025-21866] = "cpe-stable-backport: Backported in 6.12.17" 11889CVE_STATUS[CVE-2025-21866] = "cpe-stable-backport: Backported in 6.12.17"
11890 11890
@@ -11958,7 +11958,7 @@ CVE_STATUS[CVE-2025-21900] = "cpe-stable-backport: Backported in 6.12.18"
11958 11958
11959CVE_STATUS[CVE-2025-21901] = "cpe-stable-backport: Backported in 6.12.18" 11959CVE_STATUS[CVE-2025-21901] = "cpe-stable-backport: Backported in 6.12.18"
11960 11960
11961CVE_STATUS[CVE-2025-21902] = "fixed-version: only affects 6.13 onwards" 11961CVE_STATUS[CVE-2025-21902] = "cpe-stable-backport: Backported in 6.12.19"
11962 11962
11963CVE_STATUS[CVE-2025-21903] = "cpe-stable-backport: Backported in 6.12.19" 11963CVE_STATUS[CVE-2025-21903] = "cpe-stable-backport: Backported in 6.12.19"
11964 11964
@@ -12212,11 +12212,11 @@ CVE_STATUS[CVE-2025-22027] = "cpe-stable-backport: Backported in 6.12.23"
12212 12212
12213CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.12.23" 12213CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.12.23"
12214 12214
12215CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.13 onwards" 12215CVE_STATUS[CVE-2025-22030] = "cpe-stable-backport: Backported in 6.12.23"
12216 12216
12217CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards" 12217CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards"
12218 12218
12219CVE_STATUS[CVE-2025-22032] = "fixed-version: only affects 6.14 onwards" 12219CVE_STATUS[CVE-2025-22032] = "cpe-stable-backport: Backported in 6.12.23"
12220 12220
12221CVE_STATUS[CVE-2025-22033] = "cpe-stable-backport: Backported in 6.12.23" 12221CVE_STATUS[CVE-2025-22033] = "cpe-stable-backport: Backported in 6.12.23"
12222 12222
@@ -12246,9 +12246,9 @@ CVE_STATUS[CVE-2025-22045] = "cpe-stable-backport: Backported in 6.12.23"
12246 12246
12247CVE_STATUS[CVE-2025-22046] = "cpe-stable-backport: Backported in 6.12.23" 12247CVE_STATUS[CVE-2025-22046] = "cpe-stable-backport: Backported in 6.12.23"
12248 12248
12249CVE_STATUS[CVE-2025-22047] = "fixed-version: only affects 6.14 onwards" 12249CVE_STATUS[CVE-2025-22047] = "cpe-stable-backport: Backported in 6.12.23"
12250 12250
12251CVE_STATUS[CVE-2025-22048] = "fixed-version: only affects 6.13 onwards" 12251CVE_STATUS[CVE-2025-22048] = "cpe-stable-backport: Backported in 6.12.23"
12252 12252
12253CVE_STATUS[CVE-2025-22049] = "cpe-stable-backport: Backported in 6.12.23" 12253CVE_STATUS[CVE-2025-22049] = "cpe-stable-backport: Backported in 6.12.23"
12254 12254
@@ -12300,13 +12300,13 @@ CVE_STATUS[CVE-2025-22072] = "cpe-stable-backport: Backported in 6.12.23"
12300 12300
12301CVE_STATUS[CVE-2025-22073] = "cpe-stable-backport: Backported in 6.12.23" 12301CVE_STATUS[CVE-2025-22073] = "cpe-stable-backport: Backported in 6.12.23"
12302 12302
12303CVE_STATUS[CVE-2025-22074] = "fixed-version: only affects 6.14 onwards" 12303CVE_STATUS[CVE-2025-22074] = "cpe-stable-backport: Backported in 6.12.23"
12304 12304
12305CVE_STATUS[CVE-2025-22075] = "cpe-stable-backport: Backported in 6.12.23" 12305CVE_STATUS[CVE-2025-22075] = "cpe-stable-backport: Backported in 6.12.23"
12306 12306
12307CVE_STATUS[CVE-2025-22076] = "cpe-stable-backport: Backported in 6.12.23" 12307CVE_STATUS[CVE-2025-22076] = "cpe-stable-backport: Backported in 6.12.23"
12308 12308
12309CVE_STATUS[CVE-2025-22077] = "fixed-version: only affects 6.13 onwards" 12309CVE_STATUS[CVE-2025-22077] = "cpe-stable-backport: Backported in 6.12.25"
12310 12310
12311CVE_STATUS[CVE-2025-22078] = "cpe-stable-backport: Backported in 6.12.23" 12311CVE_STATUS[CVE-2025-22078] = "cpe-stable-backport: Backported in 6.12.23"
12312 12312
@@ -12338,7 +12338,7 @@ CVE_STATUS[CVE-2025-22091] = "cpe-stable-backport: Backported in 6.12.23"
12338 12338
12339CVE_STATUS[CVE-2025-22092] = "fixed-version: only affects 6.13 onwards" 12339CVE_STATUS[CVE-2025-22092] = "fixed-version: only affects 6.13 onwards"
12340 12340
12341CVE_STATUS[CVE-2025-22093] = "fixed-version: only affects 6.13 onwards" 12341CVE_STATUS[CVE-2025-22093] = "cpe-stable-backport: Backported in 6.12.23"
12342 12342
12343CVE_STATUS[CVE-2025-22094] = "fixed-version: only affects 6.13 onwards" 12343CVE_STATUS[CVE-2025-22094] = "fixed-version: only affects 6.13 onwards"
12344 12344
@@ -12392,7 +12392,7 @@ CVE_STATUS[CVE-2025-22118] = "fixed-version: only affects 6.13 onwards"
12392 12392
12393CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards" 12393CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards"
12394 12394
12395CVE_STATUS[CVE-2025-22120] = "fixed-version: only affects 6.13 onwards" 12395CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26"
12396 12396
12397# CVE-2025-22121 needs backporting (fixed from 6.15rc1) 12397# CVE-2025-22121 needs backporting (fixed from 6.15rc1)
12398 12398
@@ -12506,7 +12506,7 @@ CVE_STATUS[CVE-2025-37750] = "cpe-stable-backport: Backported in 6.12.24"
12506 12506
12507CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards" 12507CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards"
12508 12508
12509CVE_STATUS[CVE-2025-37752] = "fixed-version: only affects 6.14 onwards" 12509CVE_STATUS[CVE-2025-37752] = "cpe-stable-backport: Backported in 6.12.24"
12510 12510
12511CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards" 12511CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards"
12512 12512
@@ -12522,7 +12522,7 @@ CVE_STATUS[CVE-2025-37758] = "cpe-stable-backport: Backported in 6.12.24"
12522 12522
12523CVE_STATUS[CVE-2025-37759] = "cpe-stable-backport: Backported in 6.12.24" 12523CVE_STATUS[CVE-2025-37759] = "cpe-stable-backport: Backported in 6.12.24"
12524 12524
12525CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.14 onwards" 12525CVE_STATUS[CVE-2025-37760] = "cpe-stable-backport: Backported in 6.12.25"
12526 12526
12527CVE_STATUS[CVE-2025-37761] = "cpe-stable-backport: Backported in 6.12.25" 12527CVE_STATUS[CVE-2025-37761] = "cpe-stable-backport: Backported in 6.12.25"
12528 12528
@@ -12570,7 +12570,7 @@ CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25"
12570 12570
12571CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards" 12571CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards"
12572 12572
12573CVE_STATUS[CVE-2025-37784] = "fixed-version: only affects 6.13 onwards" 12573CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25"
12574 12574
12575CVE_STATUS[CVE-2025-37785] = "cpe-stable-backport: Backported in 6.12.23" 12575CVE_STATUS[CVE-2025-37785] = "cpe-stable-backport: Backported in 6.12.23"
12576 12576
@@ -12620,15 +12620,15 @@ CVE_STATUS[CVE-2025-37809] = "cpe-stable-backport: Backported in 6.12.26"
12620 12620
12621CVE_STATUS[CVE-2025-37810] = "cpe-stable-backport: Backported in 6.12.26" 12621CVE_STATUS[CVE-2025-37810] = "cpe-stable-backport: Backported in 6.12.26"
12622 12622
12623CVE_STATUS[CVE-2025-37811] = "fixed-version: only affects 6.13 onwards" 12623CVE_STATUS[CVE-2025-37811] = "cpe-stable-backport: Backported in 6.12.26"
12624 12624
12625CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.12.26" 12625CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.12.26"
12626 12626
12627CVE_STATUS[CVE-2025-37813] = "fixed-version: only affects 6.13 onwards" 12627CVE_STATUS[CVE-2025-37813] = "cpe-stable-backport: Backported in 6.12.26"
12628 12628
12629CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.14 onwards" 12629CVE_STATUS[CVE-2025-37814] = "cpe-stable-backport: Backported in 6.12.26"
12630 12630
12631CVE_STATUS[CVE-2025-37815] = "fixed-version: only affects 6.13 onwards" 12631CVE_STATUS[CVE-2025-37815] = "cpe-stable-backport: Backported in 6.12.26"
12632 12632
12633CVE_STATUS[CVE-2025-37816] = "cpe-stable-backport: Backported in 6.12.26" 12633CVE_STATUS[CVE-2025-37816] = "cpe-stable-backport: Backported in 6.12.26"
12634 12634
@@ -12686,7 +12686,7 @@ CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24"
12686 12686
12687CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.12.24" 12687CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.12.24"
12688 12688
12689CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.14 onwards" 12689CVE_STATUS[CVE-2025-37845] = "cpe-stable-backport: Backported in 6.12.24"
12690 12690
12691CVE_STATUS[CVE-2025-37846] = "cpe-stable-backport: Backported in 6.12.24" 12691CVE_STATUS[CVE-2025-37846] = "cpe-stable-backport: Backported in 6.12.24"
12692 12692
@@ -12732,13 +12732,13 @@ CVE_STATUS[CVE-2025-37866] = "fixed-version: only affects 6.14 onwards"
12732 12732
12733CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.12.25" 12733CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.12.25"
12734 12734
12735CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.14 onwards" 12735CVE_STATUS[CVE-2025-37868] = "cpe-stable-backport: Backported in 6.12.25"
12736 12736
12737CVE_STATUS[CVE-2025-37869] = "cpe-stable-backport: Backported in 6.12.25" 12737CVE_STATUS[CVE-2025-37869] = "cpe-stable-backport: Backported in 6.12.25"
12738 12738
12739CVE_STATUS[CVE-2025-37870] = "cpe-stable-backport: Backported in 6.12.25" 12739CVE_STATUS[CVE-2025-37870] = "cpe-stable-backport: Backported in 6.12.25"
12740 12740
12741CVE_STATUS[CVE-2025-37871] = "fixed-version: only affects 6.15rc1 onwards" 12741CVE_STATUS[CVE-2025-37871] = "cpe-stable-backport: Backported in 6.12.25"
12742 12742
12743CVE_STATUS[CVE-2025-37872] = "cpe-stable-backport: Backported in 6.12.25" 12743CVE_STATUS[CVE-2025-37872] = "cpe-stable-backport: Backported in 6.12.25"
12744 12744
@@ -12786,7 +12786,7 @@ CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23"
12786 12786
12787# CVE-2025-37894 needs backporting (fixed from 6.12.28) 12787# CVE-2025-37894 needs backporting (fixed from 6.12.28)
12788 12788
12789CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.13 onwards" 12789# CVE-2025-37895 needs backporting (fixed from 6.12.28)
12790 12790
12791CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" 12791CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards"
12792 12792
@@ -12854,7 +12854,7 @@ CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards"
12854 12854
12855# CVE-2025-37928 needs backporting (fixed from 6.12.28) 12855# CVE-2025-37928 needs backporting (fixed from 6.12.28)
12856 12856
12857CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.15rc1 onwards" 12857# CVE-2025-37929 needs backporting (fixed from 6.12.28)
12858 12858
12859# CVE-2025-37930 needs backporting (fixed from 6.12.28) 12859# CVE-2025-37930 needs backporting (fixed from 6.12.28)
12860 12860
@@ -12902,7 +12902,7 @@ CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards"
12902 12902
12903# CVE-2025-37952 needs backporting (fixed from 6.12.29) 12903# CVE-2025-37952 needs backporting (fixed from 6.12.29)
12904 12904
12905CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards" 12905# CVE-2025-37953 needs backporting (fixed from 6.12.29)
12906 12906
12907# CVE-2025-37954 needs backporting (fixed from 6.12.29) 12907# CVE-2025-37954 needs backporting (fixed from 6.12.29)
12908 12908
@@ -12920,13 +12920,13 @@ CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards"
12920 12920
12921# CVE-2025-37961 needs backporting (fixed from 6.12.29) 12921# CVE-2025-37961 needs backporting (fixed from 6.12.29)
12922 12922
12923CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.15rc1 onwards" 12923# CVE-2025-37962 needs backporting (fixed from 6.12.29)
12924 12924
12925# CVE-2025-37963 needs backporting (fixed from 6.12.29) 12925# CVE-2025-37963 needs backporting (fixed from 6.12.29)
12926 12926
12927CVE_STATUS[CVE-2025-37964] = "fixed-version: only affects 6.14 onwards" 12927# CVE-2025-37964 needs backporting (fixed from 6.12.29)
12928 12928
12929CVE_STATUS[CVE-2025-37965] = "fixed-version: only affects 6.15rc2 onwards" 12929# CVE-2025-37965 needs backporting (fixed from 6.12.29)
12930 12930
12931CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" 12931CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
12932 12932
@@ -12944,7 +12944,7 @@ CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
12944 12944
12945# CVE-2025-37973 needs backporting (fixed from 6.12.29) 12945# CVE-2025-37973 needs backporting (fixed from 6.12.29)
12946 12946
12947CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.13 onwards" 12947# CVE-2025-37974 needs backporting (fixed from 6.12.29)
12948 12948
12949CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25" 12949CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
12950 12950
@@ -12998,7 +12998,7 @@ CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23"
12998 12998
12999CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23" 12999CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23"
13000 13000
13001CVE_STATUS[CVE-2025-39735] = "fixed-version: only affects 6.13 onwards" 13001CVE_STATUS[CVE-2025-39735] = "cpe-stable-backport: Backported in 6.12.23"
13002 13002
13003CVE_STATUS[CVE-2025-39755] = "fixed-version: only affects 6.13 onwards" 13003CVE_STATUS[CVE-2025-39755] = "fixed-version: only affects 6.13 onwards"
13004 13004
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index 302ec8ebc9..ea59c15a01 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -42,9 +42,11 @@ def get_fixed_versions(cve_info, base_version):
42 if affected["defaultStatus"] == "affected": 42 if affected["defaultStatus"] == "affected":
43 for version in affected["versions"]: 43 for version in affected["versions"]:
44 v = Version(version["version"]) 44 v = Version(version["version"])
45 if v == 0: 45 if v == Version('0'):
46 #Skiping non-affected 46 #Skiping non-affected
47 continue 47 continue
48 if version["status"] == "unaffected" and first_affected and v < first_affected:
49 first_affected = Version(f"{v.major}.{v.minor}")
48 if version["status"] == "affected" and not first_affected: 50 if version["status"] == "affected" and not first_affected:
49 first_affected = v 51 first_affected = v
50 elif (version["status"] == "unaffected" and 52 elif (version["status"] == "unaffected" and
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-02-03 08:55:09 +0000