diff options
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/contrib/improve_kernel_cve_report.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py index 829cc4cd30..a81aa0ff94 100755 --- a/scripts/contrib/improve_kernel_cve_report.py +++ b/scripts/contrib/improve_kernel_cve_report.py | |||
| @@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry): | |||
| 340 | if cve_data[cve]['status'] == entry['status']: | 340 | if cve_data[cve]['status'] == entry['status']: |
| 341 | return | 341 | return |
| 342 | if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched": | 342 | if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched": |
| 343 | # Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch) | ||
| 344 | # has priority over unpatch from CNA | ||
| 345 | if cve_data[cve]['detail'] == "backported-patch": | ||
| 346 | return | ||
| 343 | logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve) | 347 | logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve) |
| 344 | cve_data[cve] = copy_data(cve_data[cve], entry) | 348 | cve_data[cve] = copy_data(cve_data[cve], entry) |
| 345 | return | 349 | return |