From patchwork Tue Jul 4 14:07:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 26855 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D38AEB64DA for ; Tue, 4 Jul 2023 14:07:59 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.59355.1688479673228401692 for ; Tue, 04 Jul 2023 07:07:53 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 248C014BF; Tue, 4 Jul 2023 07:08:35 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 001853F73F; Tue, 4 Jul 2023 07:07:51 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 1/2] linux-yocto/cve-exclusion: move entries from cve-extra-exclusions Date: Tue, 4 Jul 2023 15:07:47 +0100 Message-Id: <20230704140748.3685070-1-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 04 Jul 2023 14:07:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/183833 From: Ross Burton We've a slew of CVE_CHECK_IGNOREs in cve-extra-exclusions which are to mark a CVE as not valid with the current default kernel. However, this file is kernel agnostic so if someone decides to build a 6.0 kernel then these ignores are no longer valid. Move the ignores which are to simply reflect backports to cve-exclusions_6.1.inc so that they're version-specific. As the kernel is upgraded these exclusions should be made redundant and removed from the file. Signed-off-by: Ross Burton --- .../distro/include/cve-extra-exclusions.inc | 555 ----------------- .../linux/cve-exclusion_6.1.inc | 558 +++++++++++++++++- 2 files changed, 557 insertions(+), 556 deletions(-) diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 1c3cc36c617..0ae63e2c630 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -74,52 +74,11 @@ CVE_CHECK_IGNORE += "CVE-2011-0640 CVE-2014-2648 CVE-2014-8171 CVE-2016-0774 CVE # 2018 CVE_CHECK_IGNORE += "CVE-2018-1000026 CVE-2018-10840 CVE-2018-10876 CVE-2018-10882 CVE-2018-10901 CVE-2018-10902 \ CVE-2018-14625 CVE-2018-16880 CVE-2018-16884 CVE-2018-5873" - -# This is specific to Ubuntu -CVE_CHECK_IGNORE += "CVE-2018-6559" - -# https://www.linuxkernelcves.com/cves/CVE-2019-3016 -# Fixed with 5.6 -CVE_CHECK_IGNORE += "CVE-2019-3016" - -# https://www.linuxkernelcves.com/cves/CVE-2019-3819 -# Fixed with 5.1 -CVE_CHECK_IGNORE += "CVE-2019-3819" - -# https://www.linuxkernelcves.com/cves/CVE-2019-3887 -# Fixed with 5.2 -CVE_CHECK_IGNORE += "CVE-2019-3887" - # 2020 CVE_CHECK_IGNORE += "CVE-2020-10732 CVE-2020-10742 CVE-2020-16119 CVE-2020-1749 CVE-2020-25672 CVE-2020-27820 CVE-2020-35501 CVE-2020-8834" - -# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 -# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 -# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 -# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 -CVE_CHECK_IGNORE += "CVE-2020-27784" - # 2021 CVE_CHECK_IGNORE += "CVE-2021-20194 CVE-2021-20226 CVE-2021-20265 CVE-2021-3564 CVE-2021-3743 CVE-2021-3847 CVE-2021-4002 \ CVE-2021-4090 CVE-2021-4095 CVE-2021-4197 CVE-2021-4202 CVE-2021-44879 CVE-2021-45402" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 -CVE_CHECK_IGNORE += "CVE-2021-3669" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 -# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 -# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f -# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 -# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 -CVE_CHECK_IGNORE += "CVE-2021-3759" - -# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 -CVE_CHECK_IGNORE += "CVE-2021-4218" - # 2022 CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE-2022-0382 CVE-2022-0433 CVE-2022-0435 \ CVE-2022-0492 CVE-2022-0494 CVE-2022-0500 CVE-2022-0516 CVE-2022-0617 CVE-2022-0742 CVE-2022-0854 \ @@ -129,421 +88,6 @@ CVE_CHECK_IGNORE += "CVE-2022-0185 CVE-2022-0264 CVE-2022-0286 CVE-2022-0330 CVE CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28796 CVE-2022-28893 CVE-2022-29156 \ CVE-2022-29582 CVE-2022-29968" -# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 -CVE_CHECK_IGNORE += "CVE-2022-0480" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 -# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 -# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb -# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d -CVE_CHECK_IGNORE += "CVE-2022-1184" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 -# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 -# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c -# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 -CVE_CHECK_IGNORE += "CVE-2022-1462" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 -# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54 -# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026 -# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 -# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b -# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 -# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 -# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 -CVE_CHECK_IGNORE += "CVE-2022-2196" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 -# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e -# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b -# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a -# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac -CVE_CHECK_IGNORE += "CVE-2022-2308" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 -CVE_CHECK_IGNORE += "CVE-2022-2327" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 -# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 -# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 -# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 -# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca -# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 -# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d -CVE_CHECK_IGNORE += "CVE-2022-2663" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 -# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 -# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 -# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd -CVE_CHECK_IGNORE += "CVE-2022-2785" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 -# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 -# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 -# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 -CVE_CHECK_IGNORE += "CVE-2022-3176" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 -# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf -# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc -# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977 -# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c -# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 -# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e -CVE_CHECK_IGNORE += "CVE-2022-3424" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 -# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 -# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 -# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f -# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 -# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 -# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 -# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e -# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 -CVE_CHECK_IGNORE += "CVE-2022-3435" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 -# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d -# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 -# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b -CVE_CHECK_IGNORE += "CVE-2022-3526" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 -# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 -# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 -# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 -# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b -# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d -CVE_CHECK_IGNORE += "CVE-2022-3534" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 -# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 -# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 -# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 -# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde -CVE_CHECK_IGNORE += "CVE-2022-3564" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 -# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 -# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 -# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c -CVE_CHECK_IGNORE += "CVE-2022-3619" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 -# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 -# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 -# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c -# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 -# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 -# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd -CVE_CHECK_IGNORE += "CVE-2022-3621" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 -# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 -# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f -# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c -# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 -# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff -# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 -CVE_CHECK_IGNORE += "CVE-2022-3623" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 -# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e -# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 -CVE_CHECK_IGNORE += "CVE-2022-3624" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 -# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 -# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 -# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f -# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 -# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 -# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 -CVE_CHECK_IGNORE += "CVE-2022-3625" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 -# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 -# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d -# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d -# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 -# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 -# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 -CVE_CHECK_IGNORE += "CVE-2022-3629" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 -# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da -# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 -# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b -CVE_CHECK_IGNORE += "CVE-2022-3630" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 -# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c -# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 -# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 -# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 -# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 -# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de -CVE_CHECK_IGNORE += "CVE-2022-3633" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b -# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 -# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e -# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 -# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 -CVE_CHECK_IGNORE += "CVE-2022-3635" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 -# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 -# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 -CVE_CHECK_IGNORE += "CVE-2022-3636" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 -# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 -# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 -# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea -# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 -# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 -# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab -# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd -# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a -CVE_CHECK_IGNORE += "CVE-2022-3640" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 -# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 -# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 -# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 -# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee -# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc -# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 -CVE_CHECK_IGNORE += "CVE-2022-3646" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 -# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 -# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 -# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 -# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 -CVE_CHECK_IGNORE += "CVE-2022-3649" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 -# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 -# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 -# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae -# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 -# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 -# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 -CVE_CHECK_IGNORE += "CVE-2022-4382" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 -# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 -# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 -# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 -CVE_CHECK_IGNORE += "CVE-2022-26365" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 -# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 -# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 -# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 -CVE_CHECK_IGNORE += "CVE-2022-33740" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e -# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd -# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca -# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 -CVE_CHECK_IGNORE += "CVE-2022-33741" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 -# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 -# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 -# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 -CVE_CHECK_IGNORE += "CVE-2022-33742" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e -# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 -# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 -# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 -CVE_CHECK_IGNORE += "CVE-2022-42895" - -# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 -# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b -# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 -# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a -CVE_CHECK_IGNORE += "CVE-2022-42896" - - -# 2023 - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0179 -# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0 -# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa -# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 -# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 -CVE_CHECK_IGNORE += "CVE-2023-0179" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 -# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 -# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e -# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c -# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 -CVE_CHECK_IGNORE += "CVE-2023-0266" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 -# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 -# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 -# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d -# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 -# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf -# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 -CVE_CHECK_IGNORE += "CVE-2023-0394" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 -# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578 -# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c -# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d -# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 -# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 -# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c -CVE_CHECK_IGNORE += "CVE-2023-0461" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 -# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 -# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 -# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81 -# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e -CVE_CHECK_IGNORE += "CVE-2023-0386" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 -# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5 -# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 -# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 -# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 -# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d -CVE_CHECK_IGNORE += "CVE-2023-1073" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 -# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f -# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 -# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 -CVE_CHECK_IGNORE += "CVE-2023-1074" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1076 -# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a -# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11 -# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178 -# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427 -# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44 -# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6 -CVE_CHECK_IGNORE += "CVE-2023-1076" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 -# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 -# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 -# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 -CVE_CHECK_IGNORE += "CVE-2023-1077" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 -# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d -# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba -# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 -CVE_CHECK_IGNORE += "CVE-2023-1078" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 -# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df -# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc -# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09 -# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 -# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e -# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 -CVE_CHECK_IGNORE += "CVE-2023-1079" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 -# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6 -# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17 -# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c -# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c -# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 -# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a -# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 -CVE_CHECK_IGNORE += "CVE-2023-1118" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 -# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6 -# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2 -# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 -# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da -# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f -CVE_CHECK_IGNORE += "CVE-2023-1281" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 -# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 -# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 -# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 -# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 -# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb -CVE_CHECK_IGNORE += "CVE-2023-1513" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1652 -# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd -# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36 -# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560 -# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652 -# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652 -CVE_CHECK_IGNORE += "CVE-2023-1652" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 -# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 -# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 -# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6 -# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19 -# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd -# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd -# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829 -# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829 -CVE_CHECK_IGNORE += "CVE-2023-1829" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 -# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b -# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee -# But, the CVE is disputed: -# > NOTE: this is disputed by third parties because there are no realistic cases -# > in which a user can cause the alloc_memory_type error case to be reached. -# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 -# We can safely ignore it. -CVE_CHECK_IGNORE += "CVE-2023-23005" - -# https://nvd.nist.gov/vuln/detail/CVE-2023-28466 -# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 -# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 -# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa -# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123 -# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce -CVE_CHECK_IGNORE += "CVE-2023-28466" # Wrong CPE in NVD database # https://nvd.nist.gov/vuln/detail/CVE-2022-3563 @@ -568,102 +112,3 @@ CVE_CHECK_IGNORE += "CVE-2019-12067" # wouldn't expose an assembler. The upstream is inactive and there is little to be # done about the bug, ignore from an OE perspective. CVE_CHECK_IGNORE += "CVE-2020-18974" - -# https://www.linuxkernelcves.com/cves/CVE-2023-0459 -# Fixed in 6.1.14 onwards -CVE_CHECK_IGNORE += "CVE-2023-0459" - -# https://www.linuxkernelcves.com/cves/CVE-2023-0615 -# Fixed in 6.1 onwards -CVE_CHECK_IGNORE += "CVE-2023-0615" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1380 -# Fixed in 6.1.27 -CVE_CHECK_IGNORE += "CVE-2023-1380" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1611 -# Fixed in 6.1.23 -CVE_CHECK_IGNORE += "CVE-2023-1611" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1855 -# Fixed in 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-1855" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1859 -# Fixed in 6.1.25 -CVE_CHECK_IGNORE += "CVE-2023-1859" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1989 -# Fixed in 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-1989" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1990 -# Fixed in 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-1990" - -# https://www.linuxkernelcves.com/cves/CVE-2023-1999 -# Fixed in 6.1.16 -CVE_CHECK_IGNORE += "CVE-2023-1998" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2002 -# Fixed in 6.1.27 -CVE_CHECK_IGNORE += "CVE-2023-2002" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2156 -# Fixed in 6.1.26 -CVE_CHECK_IGNORE += "CVE-2023-2156" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2162 -# Fixed in 6.1.11 -CVE_CHECK_IGNORE += "CVE-2023-2162" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2194 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-2194" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2235 -# Fixed with 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-2235" - -# https://www.linuxkernelcves.com/cves/CVE-2023-28328 -# Fixed with 6.1.2 -CVE_CHECK_IGNORE += "CVE-2023-28328" - -# https://www.linuxkernelcves.com/cves/CVE-2023-2985 -# Fixed in 6.1.16 -CVE_CHECK_IGNORE += "CVE-2023-2985" - -# https://www.linuxkernelcves.com/cves/CVE-2023-28866 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-28866" - -# https://www.linuxkernelcves.com/cves/CVE-2023-30456 -# Fixed with 6.1.21 -CVE_CHECK_IGNORE += "CVE-2023-30456" - -# https://www.linuxkernelcves.com/cves/CVE-2023-30772 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-30772" - -# https://www.linuxkernelcves.com/cves/CVE-2023-31436 -# Fixed with 6.1.26 -CVE_CHECK_IGNORE += "CVE-2023-31436" - -# https://www.linuxkernelcves.com/cves/CVE-2023-32233 -# Fixed with 6.1.28 -CVE_CHECK_IGNORE += "CVE-2023-32233" - -# https://www.linuxkernelcves.com/cves/CVE-2023-33203 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-33203" - -# https://www.linuxkernelcves.com/cves/CVE-2023-33288 -# Fixed with 6.1.22 -CVE_CHECK_IGNORE += "CVE-2023-33288" - -# https://www.linuxkernelcves.com/cves/CVE-2023-34256 -# Fixed in 6.1.29 -CVE_CHECK_IGNORE += "CVE-2023-34256" - -# Backported to 6.1.30 as 9a342d4 -CVE_CHECK_IGNORE += "CVE-2023-3141" diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 4cc151901b8..6717cbeeebb 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,8 +1,157 @@ +# This is specific to Ubuntu +CVE_CHECK_IGNORE += "CVE-2018-6559" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3016 +# Fixed with 5.6 +CVE_CHECK_IGNORE += "CVE-2019-3016" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3819 +# Fixed with 5.1 +CVE_CHECK_IGNORE += "CVE-2019-3819" + +# https://www.linuxkernelcves.com/cves/CVE-2019-3887 +# Fixed with 5.2 +CVE_CHECK_IGNORE += "CVE-2019-3887" + +# https://nvd.nist.gov/vuln/detail/CVE-2020-27784 +# Introduced in version v4.1 b26394bd567e5ebe57ec4dee7fe6cd14023c96e9 +# Patched in kernel since v5.10 e8d5f92b8d30bb4ade76494490c3c065e12411b1 +# Backported in version v5.4.73 e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 +CVE_CHECK_IGNORE += "CVE-2020-27784" + + +# 2021 + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3669 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 20401d1058f3f841f35a594ac2fc1293710e55b9 +CVE_CHECK_IGNORE += "CVE-2021-3669" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-3759 +# Introduced in version v4.5 a9bb7e620efdfd29b6d1c238041173e411670996 +# Patched in kernel since v5.15 18319498fdd4cdf8c1c2c48cd432863b1f915d6f +# Backported in version v5.4.224 bad83d55134e647a739ebef2082541963f2cbc92 +# Backported in version v5.10.154 836686e1a01d7e2fda6a5a18252243ff30a6e196 +CVE_CHECK_IGNORE += "CVE-2021-3759" + +# https://nvd.nist.gov/vuln/detail/CVE-2021-4218 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.8 32927393dc1ccd60fb2bdc05b9e8e88753761469 +CVE_CHECK_IGNORE += "CVE-2021-4218" + + +# 2022 + +# https://nvd.nist.gov/vuln/detail/CVE-2022-0480 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.15 0f12156dff2862ac54235fc72703f18770769042 +CVE_CHECK_IGNORE += "CVE-2022-0480" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1184 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 46c116b920ebec58031f0a78c5ea9599b0d2a371 +# Backported in version v5.4.198 17034d45ec443fb0e3c0e7297f9cd10f70446064 +# Backported in version v5.10.121 da2f05919238c7bdc6e28c79539f55c8355408bb +# Backported in version v5.15.46 ca17db384762be0ec38373a12460081d22a8b42d +CVE_CHECK_IGNORE += "CVE-2022-1184" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-1462 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 a501ab75e7624d133a5a3c7ec010687c8b961d23 +# Backported in version v5.4.208 f7785092cb7f022f59ebdaa181651f7c877df132 +# Backported in version v5.10.134 08afa87f58d83dfe040572ed591b47e8cb9e225c +# Backported in version v5.15.58 b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 +CVE_CHECK_IGNORE += "CVE-2022-1462" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2196 +# Introduced in version v5.8 5c911beff20aa8639e7a1f28988736c13e03ed54 +# Breaking commit backported in v5.4.47 64b8f33b2e1e687d465b5cb382e7bec495f1e026 +# Patched in kernel since v6.2 2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 +# Backported in version v5.4.233 f93a1a5bdcdd122aae0a3eab7a52c15b71fb725b +# Backported in version v5.10.170 1b0cafaae8884726c597caded50af185ffc13349 +# Backported in version v5.15.96 6b539a7dbb49250f92515c2ba60aea239efc9e35 +# Backported in version v6.1.14 63fada296062e91ad9f871970d4e7f19e21a6a15 +CVE_CHECK_IGNORE += "CVE-2022-2196" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2308 +# Introduced in version v5.15 c8a6153b6c59d95c0e091f053f6f180952ade91e +# Patched in kernel since v6.0 46f8a29272e51b6df7393d58fc5cb8967397ef2b +# Backported in version v5.15.72 dc248ddf41eab4566e95b1ee2433c8a5134ad94a +# Backported in version v5.19.14 38d854c4a11c3bbf6a96ea46f14b282670c784ac +CVE_CHECK_IGNORE += "CVE-2022-2308" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2327 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.10.125 df3f3bb5059d20ef094d6b2f0256c4bf4127a859 +CVE_CHECK_IGNORE += "CVE-2022-2327" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 +# Introduced in version v2.6.20 869f37d8e48f3911eb70f38a994feaa8f8380008 +# Patched in kernel since v6.0 0efe125cfb99e6773a7434f3463f7c2fa28f3a43 +# Backported in version v5.4.213 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 +# Backported in version v5.10.143 e12ce30fe593dd438c5b392290ad7316befc11ca +# Backported in version v5.15.68 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 +# Backported in version v5.19.9 6cf0609154b2ce8d3ae160e7506ab316400a8d3d +CVE_CHECK_IGNORE += "CVE-2022-2663" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-2785 +# Introduced in version v5.18 b1d18a7574d0df5eb4117c14742baf8bc2b9bb74 +# Patched in kernel since v6.0 86f44fcec22ce2979507742bc53db8400e454f46 +# Backported in version v5.19.4 b429d0b9a7a0f3dddb1f782b72629e6353f292fd +CVE_CHECK_IGNORE += "CVE-2022-2785" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3176 +# Introduced in version v5.1 221c5eb2338232f7340386de1c43decc32682e58 +# Patched in kernel since v5.17 791f3465c4afde02d7f16cf7424ca87070b69396 +# Backported in version v5.15.65 e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 +CVE_CHECK_IGNORE += "CVE-2022-3176" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3424 +# Introduced in version v2.6.33 55484c45dbeca2eec7642932ec3f60f8a2d4bdbf +# Patched in kernel since v6.2 643a16a0eb1d6ac23744bb6e90a00fc21148a9dc +# Backported in version v5.4.229 0078dd8758561540ed30b2c5daa1cb647e758977 +# Backported in version v5.10.163 0f67ed565f20ea2fdd98e3b0b0169d9e580bb83c +# Backported in version v5.15.86 d5c8f9003a289ee2a9b564d109e021fc4d05d106 +# Backported in version v6.1.2 4e947fc71bec7c7da791f8562d5da233b235ba5e +CVE_CHECK_IGNORE += "CVE-2022-3424" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3435 +# Introduced in version v5.18 6bf92d70e690b7ff12b24f4bfff5e5434d019b82 +# Breaking commit backported in v5.4.189 f5064531c23ad646da7be8b938292b00a7e61438 +# Breaking commit backported in v5.10.111 63ea57478aaa3e06a597081a0f537318fc04e49f +# Breaking commit backported in v5.15.34 907c97986d6fa77318d17659dd76c94b65dd27c5 +# Patched in kernel since v6.1 61b91eb33a69c3be11b259c5ea484505cd79f883 +# Backported in version v5.4.226 cc3cd130ecfb8b0ae52e235e487bae3f16a24a32 +# Backported in version v5.10.158 0b5394229ebae09afc07aabccb5ffd705ffd250e +# Backported in version v5.15.82 25174d91e4a32a24204060d283bd5fa6d0ddf133 +CVE_CHECK_IGNORE += "CVE-2022-3435" + # https://nvd.nist.gov/vuln/detail/CVE-2022-3523 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 # Patched in kernel since v6.1 16ce101db85db694a91380aa4c89b25530871d33 CVE_CHECK_IGNORE += "CVE-2022-3523" +# https://nvd.nist.gov/vuln/detail/CVE-2022-3526 +# Introduced in version v5.13 427f0c8c194b22edcafef1b0a42995ddc5c2227d +# Patched in kernel since v5.18 e16b859872b87650bb55b12cca5a5fcdc49c1442 +# Backported in version v5.15.35 8f79ce226ad2e9b2ec598de2b9560863b7549d1b +CVE_CHECK_IGNORE += "CVE-2022-3526" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3534 +# Introduced in version v5.10 919d2b1dbb074d438027135ba644411931179a59 +# Patched in kernel since v6.2 93c660ca40b5d2f7c1b1626e955a8e9fa30e0749 +# Backported in version v5.10.163 c61650b869e0b6fb0c0a28ed42d928eea969afc8 +# Backported in version v5.15.86 a733bf10198eb5bb927890940de8ab457491ed3b +# Backported in version v6.1.2 fbe08093fb2334549859829ef81d42570812597d +CVE_CHECK_IGNORE += "CVE-2022-3534" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3564 +# Introduced in version v3.6 4b51dae96731c9d82f5634e75ac7ffd3b9c1b060 +# Patched in kernel since v6.1 3aff8aaca4e36dc8b17eaa011684881a80238966 +# Backported in version v5.10.154 cb1c012099ef5904cd468bdb8d6fcdfdd9bcb569 +# Backported in version v5.15.78 8278a87bb1eeea94350d675ef961ee5a03341fde +CVE_CHECK_IGNORE += "CVE-2022-3564" + # https://nvd.nist.gov/vuln/detail/CVE-2022-3566 # Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 # Patched in kernel since v6.1 f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 @@ -13,8 +162,167 @@ CVE_CHECK_IGNORE += "CVE-2022-3566" # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6 CVE_CHECK_IGNORE += "CVE-2022-3567" +# https://nvd.nist.gov/vuln/detail/CVE-2022-3619 +# Introduced in version v5.12 4d7ea8ee90e42fc75995f6fb24032d3233314528 +# Patched in kernel since v6.1 7c9524d929648935bac2bbb4c20437df8f9c3f42 +# Backported in version v5.15.78 aa16cac06b752e5f609c106735bd7838f444784c +CVE_CHECK_IGNORE += "CVE-2022-3619" -# 2023 +# https://nvd.nist.gov/vuln/detail/CVE-2022-3621 +# Introduced in version v2.60.30 05fe58fdc10df9ebea04c0eaed57adc47af5c184 +# Patched in kernel since v6.1 21a87d88c2253350e115029f14fe2a10a7e6c856 +# Backported in version v5.4.218 792211333ad77fcea50a44bb7f695783159fc63c +# Backported in version v5.10.148 3f840480e31495ce674db4a69912882b5ac083f2 +# Backported in version v5.15.74 1e512c65b4adcdbdf7aead052f2162b079cc7f55 +# Backported in version v5.19.16 caf2c6b580433b3d3e413a3d54b8414a94725dcd +CVE_CHECK_IGNORE += "CVE-2022-3621" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3623 +# Introduced in version v5.1 5480280d3f2d11d47f9be59d49b20a8d7d1b33e8 +# Patched in kernel since v6.1 fac35ba763ed07ba93154c95ffc0c4a55023707f +# Backported in version v5.4.228 176ba4c19d1bb153aa6baaa61d586e785b7d736c +# Backported in version v5.10.159 fccee93eb20d72f5390432ecea7f8c16af88c850 +# Backported in version v5.15.78 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff +# Backported in version v5.19.17 86a913d55c89dd13ba070a87f61a493563e94b54 +CVE_CHECK_IGNORE += "CVE-2022-3623" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3624 +# Introduced in version v6.0 d5410ac7b0baeca91cf73ff5241d35998ecc8c9e +# Patched in kernel since v6.0 4f5d33f4f798b1c6d92b613f0087f639d9836971 +CVE_CHECK_IGNORE += "CVE-2022-3624" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3625 +# Introduced in version v4.19 45f05def5c44c806f094709f1c9b03dcecdd54f0 +# Patched in kernel since v6.0 6b4db2e528f650c7fb712961aac36455468d5902 +# Backported in version v5.4.211 1ad4ba9341f15412cf86dc6addbb73871a10212f +# Backported in version v5.10.138 0e28678a770df7989108327cfe86f835d8760c33 +# Backported in version v5.15.63 c4d09fd1e18bac11c2f7cf736048112568687301 +# Backported in version v5.19.4 26bef5616255066268c0e40e1da10cc9b78b82e9 +CVE_CHECK_IGNORE += "CVE-2022-3625" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3629 +# Introduced in version v3.9 d021c344051af91f42c5ba9fdedc176740cbd238 +# Patched in kernel since v6.0 7e97cfed9929eaabc41829c395eb0d1350fccb9d +# Backported in version v5.4.211 f82f1e2042b397277cd39f16349950f5abade58d +# Backported in version v5.10.138 38ddccbda5e8b762c8ee06670bb1f64f1be5ee50 +# Backported in version v5.15.63 e4c0428f8a6fc8c218d7fd72bddd163f05b29795 +# Backported in version v5.19.4 8ff5db3c1b3d6797eda5cd326dcd31b9cd1c5f72 +CVE_CHECK_IGNORE += "CVE-2022-3629" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3630 +# Introduced in version v5.19 85e4ea1049c70fb99de5c6057e835d151fb647da +# Patched in kernel since v6.0 fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 +# Backported in version v5.19.4 7a369dc87b66acc85d0cffcf39984344a203e20b +CVE_CHECK_IGNORE += "CVE-2022-3630" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3633 +# Introduced in version v5.4 9d71dd0c70099914fcd063135da3c580865e924c +# Patched in kernel since v6.0 8c21c54a53ab21842f5050fa090f26b03c0313d6 +# Backported in version v5.4.211 04e41b6bacf474f5431491f92e981096e8cc8e93 +# Backported in version v5.10.138 a220ff343396bae8d3b6abee72ab51f1f34b3027 +# Backported in version v5.15.63 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 +# Backported in version v5.19.4 a0278dbeaaf7ca60346c62a9add65ae7d62564de +CVE_CHECK_IGNORE += "CVE-2022-3633" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3635 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.0 3f4093e2bf4673f218c0bf17d8362337c400e77b +# Backported in version v5.4.211 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 +# Backported in version v5.10.138 a0ae122e9aeccbff75014c4d36d11a9d32e7fb5e +# Backported in version v5.15.63 a5d7ce086fe942c5ab422fd2c034968a152be4c4 +# Backported in version v5.19.4 af412b252550f9ac36d9add7b013c2a2c3463835 +CVE_CHECK_IGNORE += "CVE-2022-3635" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3636 +# Introduced in version v5.19 33fc42de33278b2b3ec6f3390512987bc29a62b7 +# Patched in kernel since v5.19 17a5f6a78dc7b8db385de346092d7d9f9dc24df6 +CVE_CHECK_IGNORE += "CVE-2022-3636" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3640 +# Introduced in version v5.19 d0be8347c623e0ac4202a1d4e0373882821f56b0 +# Breaking commit backported in v5.4.209 098e07ef0059296e710a801cdbd74b59016e6624 +# Breaking commit backported in v5.10.135 de5d4654ac6c22b1be756fdf7db18471e7df01ea +# Breaking commit backported in v5.15.59 f32d5615a78a1256c4f557ccc6543866e75d03f4 +# Patched in kernel since v6.1 0d0e2d032811280b927650ff3c15fe5020e82533 +# Backported in version v5.4.224 c1f594dddd9ffd747c39f49cc5b67a9b7677d2ab +# Backported in version v5.10.154 d9ec6e2fbd4a565b2345d4852f586b7ae3ab41fd +# Backported in version v5.15.78 a3a7b2ac64de232edb67279e804932cb42f0b52a +CVE_CHECK_IGNORE += "CVE-2022-3640" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3646 +# Introduced in version v2.6.30 9ff05123e3bfbb1d2b68ba1d9bf1f7d1dffc1453 +# Patched in kernel since v6.1 d0d51a97063db4704a5ef6bc978dddab1636a306 +# Backported in version v5.4.218 b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 +# Backported in version v5.10.148 aad4c997857f1d4b6c1e296c07e4729d3f8058ee +# Backported in version v5.15.74 44b1ee304bac03f1b879be5afe920e3a844e40fc +# Backported in version v5.19.16 4755fcd844240857b525f6e8d8b65ee140fe9570 +CVE_CHECK_IGNORE += "CVE-2022-3646" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-3649 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 d325dc6eb763c10f591c239550b8c7e5466a5d09 +# Backported in version v5.4.220 d1c2d820a2cd73867b7d352e89e92fb3ac29e926 +# Backported in version v5.10.148 21ee3cffed8fbabb669435facfd576ba18ac8652 +# Backported in version v5.15.74 cb602c2b654e26763226d8bd27a702f79cff4006 +# Backported in version v5.19.16 394b2571e9a74ddaed55aa9c4d0f5772f81c21e4 +CVE_CHECK_IGNORE += "CVE-2022-3649" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-4382 +# Introduced in version v5.3 e5d82a7360d124ae1a38c2a5eac92ba49b125191 +# Patched in kernel since v6.2-rc5 d18dcfe9860e842f394e37ba01ca9440ab2178f4 +# Backported in version v5.4.230 9a39f4626b361ee7aa10fd990401c37ec3b466ae +# Backported in version v5.10.165 856e4b5e53f21edbd15d275dde62228dd94fb2b4 +# Backported in version v5.15.90 a2e075f40122d8daf587db126c562a67abd69cf9 +# Backported in version v6.1.8 616fd34d017000ecf9097368b13d8a266f4920b3 +CVE_CHECK_IGNORE += "CVE-2022-4382" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 +CVE_CHECK_IGNORE += "CVE-2022-26365" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33740 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 307c8de2b02344805ebead3440d8feed28f2f010 +# Backported in version v5.4.204 04945b5beb73019145ac17a2565526afa7293c14 +# Backported in version v5.10.129 728d68bfe68d92eae1407b8a9edc7817d6227404 +# Backported in version v5.15.53 5dd0993c36832d33820238fc8dc741ba801b7961 +CVE_CHECK_IGNORE += "CVE-2022-33740" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33741 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +# Backported in version v5.4.204 ede57be88a5fff42cd00e6bcd071503194d398dd +# Backported in version v5.10.129 4923217af5742a796821272ee03f8d6de15c0cca +# Backported in version v5.15.53 ed3cfc690675d852c3416aedb271e0e7d179bf49 +CVE_CHECK_IGNORE += "CVE-2022-33741" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-33742 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v5.19 2400617da7eebf9167d71a46122828bc479d64c9 +# Backported in version v5.4.204 60ac50daad36ef3fe9d70d89cfe3b95d381db997 +# Backported in version v5.10.129 cbbd2d2531539212ff090aecbea9877c996e6ce6 +# Backported in version v5.15.53 6d0a9127279a4533815202e30ad1b3a39f560ba3 +CVE_CHECK_IGNORE += "CVE-2022-33742" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42895 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 b1a2cd50c0357f243b7435a732b4e62ba3157a2e +# Backported in version v5.15.78 3e4697ffdfbb38a2755012c4e571546c89ab6422 +# Backported in version v5.10.154 26ca2ac091b49281d73df86111d16e5a76e43bd7 +# Backported in version v5.4.224 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 +CVE_CHECK_IGNORE += "CVE-2022-42895" + +# https://nvd.nist.gov/vuln/detail/CVE-2022-42896 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.1 711f8c3fb3db61897080468586b970c87c61d9e4 +# Backported in version v5.4.226 0d87bb6070361e5d1d9cb391ba7ee73413bc109b +# Backported in version v5.10.154 6b6f94fb9a74dd2891f11de4e638c6202bc89476 +# Backported in version v5.15.78 81035e1201e26d57d9733ac59140a3e29befbc5a +CVE_CHECK_IGNORE += "CVE-2022-42896" # https://nvd.nist.gov/vuln/detail/CVE-2022-38457 # https://nvd.nist.gov/vuln/detail/CVE-2022-40133 @@ -28,9 +336,257 @@ CVE_CHECK_IGNORE += "CVE-2022-3567" # * https://lore.kernel.org/all/CAODzB9q3OBD0k6W2bcWrSZo2jC3EvV0PrLyWmO07rxR4nQgkJA@mail.gmail.com/T/ CVE_CHECK_IGNORE += "CVE-2022-38457 CVE-2022-40133" + +# 2023 + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0179 +# Patched in kernel since v6.2 696e1a48b1a1b01edad542a1ef293665864a4dd0 +# Backported in version v5.10.164 550efeff989b041f3746118c0ddd863c39ddc1aa +# Backported in version v5.15.89 a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 +# Backported in version v6.1.7 76ef74d4a379faa451003621a84e3498044e7aa3 +CVE_CHECK_IGNORE += "CVE-2023-0179" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0266 +# Introduced in version v2.6.12 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 +# Patched in kernel since v6.2 56b88b50565cd8b946a2d00b0c83927b7ebb055e +# Backported in version v5.15.88 26350c21bc5e97a805af878e092eb8125843fe2c +# Backported in version v6.1.6 d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 +CVE_CHECK_IGNORE += "CVE-2023-0266" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0394 +# Introduced in version 2.6.12 357b40a18b04c699da1d45608436e9b76b50e251 +# Patched in kernel since v6.2 cb3e9864cdbe35ff6378966660edbcbac955fe17 +# Backported in version v5.4.229 3998dba0f78a59922b0ef333ccfeb58d9410cd3d +# Backported in version v5.10.164 6c9e2c11c33c35563d34d12b343d43b5c12200b5 +# Backported in version v5.15.89 456e3794e08a0b59b259da666e31d0884b376bcf +# Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 +CVE_CHECK_IGNORE += "CVE-2023-0394" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 +# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 +# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 +# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81 +# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e +CVE_CHECK_IGNORE += "CVE-2023-0386" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 +# Introduced in version v4.13 734942cc4ea6478eed125af258da1bdbb4afe578 +# Patched in kernel since v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c +# Backported in version v5.4.229 c6d29a5ffdbc362314853462a0e24e63330a654d +# Backported in version v5.10.163 f8ed0a93b5d576bbaf01639ad816473bdfd1dcb0 +# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 +# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c +CVE_CHECK_IGNORE += "CVE-2023-0461" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 +# Introduced in v3.16 1b15d2e5b8077670b1e6a33250a0d9577efff4a5 +# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 +# Backported in version 5.10.166 5dc3469a1170dd1344d262a332b26994214eeb58 +# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 +# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d +CVE_CHECK_IGNORE += "CVE-2023-1073" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 +# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f +# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 +# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 +CVE_CHECK_IGNORE += "CVE-2023-1074" + # https://nvd.nist.gov/vuln/detail/CVE-2023-1075 # Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221 # Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb # Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50 # 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch CVE_CHECK_IGNORE += "CVE-2023-1075" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1076 +# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a +# Backported in version v5.4.235 d92d87000eda9884d49f1acec1c1fccd63cd9b11 +# Backported in version v5.10.173 9a31af61f397500ccae49d56d809b2217d1e2178 +# Backported in version v5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427 +# Backported in version v6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44 +# Backported in version v6.2.3 4aa4b4b3b3e9551c4de2bf2987247c28805fb8f6 +CVE_CHECK_IGNORE += "CVE-2023-1076" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 +# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 +# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 +# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 +CVE_CHECK_IGNORE += "CVE-2023-1077" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 +# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d +# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba +# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 +CVE_CHECK_IGNORE += "CVE-2023-1078" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1079 +# Patched in kernel since v6.3-rc1 4ab3a086d10eeec1424f2e8a968827a6336203df +# Backported in version v5.4.235 dd08e68d04d08d2f42b09162c939a0b0841216cc +# Backported in version v5.10.173 21a2eec4a440060a6eb294dc890eaf553101ba09 +# Backported in version v5.15.99 3959316f8ceb17866646abc6be4a332655407138 +# Backported in version v6.1.16 ee907829b36949c452c6f89485cb2a58e97c048e +# Backported in version v6.2.3 b08bcfb4c97d7bd41b362cff44b2c537ce9e8540 +CVE_CHECK_IGNORE += "CVE-2023-1079" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1118 +# Introduced in version v2.6.36 9ea53b74df9c4681f5bb2da6b2e10e37d87ea6d6 +# Patched in kernel since v6.3-rc1 29b0589a865b6f66d141d79b2dd1373e4e50fe17 +# Backported in version v5.4.235 d120334278b370b6a1623a75ebe53b0c76cb247c +# Backported in version v5.10.173 78da5a378bdacd5bf68c3a6389bdc1dd0c0f5b3c +# Backported in version v5.15.99 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 +# Backported in version v6.1.16 029c1410e345ce579db5c007276340d072aac54a +# Backported in version v6.2.3 182ea492aae5b64067277e60a4ea5995c4628555 +CVE_CHECK_IGNORE += "CVE-2023-1118" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1281 +# Introduced in version v4.14 9b0d4446b56904b59ae3809913b0ac760fa941a6 +# Patched in kernel since v6.2 ee059170b1f7e94e55fa6cadee544e176a6e59c2 +# Backported in version v5.10.169 eb8e9d8572d1d9df17272783ad8a84843ce559d4 +# Backported in version v5.15.95 becf55394f6acb60dd60634a1c797e73c747f9da +# Backported in version v6.1.13 bd662ba56187b5ef8a62a3511371cd38299a507f +CVE_CHECK_IGNORE += "CVE-2023-1281" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1513 +# Patched in kernel since v6.2 2c10b61421a28e95a46ab489fd56c0f442ff6952 +# Backported in version v5.4.232 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 +# Backported in version v5.10.169 6416c2108ba54d569e4c98d3b62ac78cb12e7107 +# Backported in version v5.15.95 35351e3060d67eed8af1575d74b71347a87425d8 +# Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb +CVE_CHECK_IGNORE += "CVE-2023-1513" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1652 +# Patched in kernel since v6.2 e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd +# Backported in version v5.15.91 0a27dcd5343026ac0cb168ee63304255372b7a36 +# Backported in version v6.1.9 32d5eb95f8f0e362e37c393310b13b9e95404560 +# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1652 +# Ref: Debian kernel-sec team: https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/retired/CVE-2023-1652 +CVE_CHECK_IGNORE += "CVE-2023-1652" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-1829 +# Patched in kernel since v6.3-rc1 8c710f75256bb3cf05ac7b1672c82b92c43f3d28 +# Backported in version v5.4.235 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 +# Backported in version v5.10.173 18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6 +# Backported in version v5.15.100 7c183dc0af472dec33d2c0786a5e356baa8cad19 +# Backported in version v6.1.18 3abebc503a5148072052c229c6b04b329a420ecd +# Backported in version v6.2.5 372ae77cf11d11fb118cbe2d37def9dd5f826abd +# Ref: https://www.linuxkernelcves.com/cves/CVE-2023-1829 +# Ref: Debian kernel-sec team : https://salsa.debian.org/kernel-team/kernel-sec/-/blob/1fa77554d4721da54e2df06fa1908a83ba6b1045/active/CVE-2023-1829 +CVE_CHECK_IGNORE += "CVE-2023-1829" + +# https://www.linuxkernelcves.com/cves/CVE-2023-0459 +# Fixed in 6.1.14 onwards +CVE_CHECK_IGNORE += "CVE-2023-0459" + +# https://www.linuxkernelcves.com/cves/CVE-2023-0615 +# Fixed in 6.1 onwards +CVE_CHECK_IGNORE += "CVE-2023-0615" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1380 +# Fixed in 6.1.27 +CVE_CHECK_IGNORE += "CVE-2023-1380" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1611 +# Fixed in 6.1.23 +CVE_CHECK_IGNORE += "CVE-2023-1611" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1855 +# Fixed in 6.1.21 +CVE_CHECK_IGNORE += "CVE-2023-1855" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1859 +# Fixed in 6.1.25 +CVE_CHECK_IGNORE += "CVE-2023-1859" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1989 +# Fixed in 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-1989" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1990 +# Fixed in 6.1.21 +CVE_CHECK_IGNORE += "CVE-2023-1990" + +# https://www.linuxkernelcves.com/cves/CVE-2023-1999 +# Fixed in 6.1.16 +CVE_CHECK_IGNORE += "CVE-2023-1998" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2002 +# Fixed in 6.1.27 +CVE_CHECK_IGNORE += "CVE-2023-2002" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2156 +# Fixed in 6.1.26 +CVE_CHECK_IGNORE += "CVE-2023-2156" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2162 +# Fixed in 6.1.11 +CVE_CHECK_IGNORE += "CVE-2023-2162" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2194 +# Fixed with 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-2194" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2235 +# Fixed with 6.1.21 +CVE_CHECK_IGNORE += "CVE-2023-2235" + +# https://www.linuxkernelcves.com/cves/CVE-2023-2985 +# Fixed in 6.1.16 +CVE_CHECK_IGNORE += "CVE-2023-2985" + +# Backported to 6.1.30 as 9a342d4 +CVE_CHECK_IGNORE += "CVE-2023-3141" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 +# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b +# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee +# But, the CVE is disputed: +# > NOTE: this is disputed by third parties because there are no realistic cases +# > in which a user can cause the alloc_memory_type error case to be reached. +# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 +# We can safely ignore it. +CVE_CHECK_IGNORE += "CVE-2023-23005" + +# https://www.linuxkernelcves.com/cves/CVE-2023-28328 +# Fixed with 6.1.2 +CVE_CHECK_IGNORE += "CVE-2023-28328" + +# https://nvd.nist.gov/vuln/detail/CVE-2023-28466 +# Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 +# Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 +# Backported in version v5.15.105 0b54d75aa43a1edebc8a3770901f5c3557ee0daa +# Backported in version v6.1.20 14c17c673e1bba08032d245d5fb025d1cbfee123 +# Backported in version v6.2.7 5231fa057bb0e52095591b303cf95ebd17bc62ce +CVE_CHECK_IGNORE += "CVE-2023-28466" + +# https://www.linuxkernelcves.com/cves/CVE-2023-28866 +# Fixed with 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-28866" + +# https://www.linuxkernelcves.com/cves/CVE-2023-30456 +# Fixed with 6.1.21 +CVE_CHECK_IGNORE += "CVE-2023-30456" + +# https://www.linuxkernelcves.com/cves/CVE-2023-30772 +# Fixed with 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-30772" + +# https://www.linuxkernelcves.com/cves/CVE-2023-31436 +# Fixed with 6.1.26 +CVE_CHECK_IGNORE += "CVE-2023-31436" + +# https://www.linuxkernelcves.com/cves/CVE-2023-32233 +# Fixed with 6.1.28 +CVE_CHECK_IGNORE += "CVE-2023-32233" + +# https://www.linuxkernelcves.com/cves/CVE-2023-33203 +# Fixed with 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-33203" + +# https://www.linuxkernelcves.com/cves/CVE-2023-33288 +# Fixed with 6.1.22 +CVE_CHECK_IGNORE += "CVE-2023-33288" + +# https://www.linuxkernelcves.com/cves/CVE-2023-34256 +# Fixed in 6.1.29 +CVE_CHECK_IGNORE += "CVE-2023-34256"