From bc47b236c487fc01b5aca264b801ed80e2f99e9a Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Wed, 13 Aug 2025 16:49:18 -0400
Subject: linux-yocto/6.12: update CVE exclusions (6.12.40)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 4 changes (1 new | 3 updated): - 1 new CVEs: CVE-2025-8126 - 3 updated CVEs: CVE-2025-31952, CVE-2025-31953, CVE-2025-31955
        Date: Fri, 25 Jul 2025 02:18:30 +0000

    ]

(From OE-Core rev: 3dfad0c48a5b60bc9dd7c96c07ed914b020c463e)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e504bd7a9e908be0937d6fc9f6b9699b0acdc2aa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/cve-exclusion_6.12.inc | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index b408071a67..127350ca58 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,12 +1,12 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-07-18 14:17:49.367230+00:00 for kernel version 6.12.39
-# From linux_kernel_cves cve_2025-07-18_1400Z
+# Generated at 2025-07-25 02:49:32.259439+00:00 for kernel version 6.12.40
+# From linux_kernel_cves cve_2025-07-25_0100Z-1-g854b2f05e2c
 
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.39"
+    this_version = "6.12.40"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -12939,7 +12939,7 @@ CVE_STATUS[CVE-2025-22112] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-22114] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-22115 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22115] = "cpe-stable-backport: Backported in 6.12.40"
 
 # CVE-2025-22116 needs backporting (fixed from 6.15)
 
@@ -14237,6 +14237,12 @@ CVE_STATUS[CVE-2025-38348] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-38349] = "cpe-stable-backport: Backported in 6.12.39"
 
+CVE_STATUS[CVE-2025-38350] = "cpe-stable-backport: Backported in 6.12.37"
+
+# CVE-2025-38351 needs backporting (fixed from 6.16rc6)
+
+CVE_STATUS[CVE-2025-38352] = "cpe-stable-backport: Backported in 6.12.34"
+
 CVE_STATUS[CVE-2025-38479] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-38575] = "cpe-stable-backport: Backported in 6.12.23"
-- 
cgit v1.2.3-54-g00ecf