diff mbox series

[mickledore] linux-yocto: update CVE exclusions

Message ID 20230923094649.659621-1-ross.burton@arm.com
State New
Headers show
Series [mickledore] linux-yocto: update CVE exclusions | expand

Commit Message

Ross Burton Sept. 23, 2023, 9:46 a.m. UTC 
From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../linux/cve-exclusion_6.1.inc               | 157 ++++++++++++++----
 1 file changed, 123 insertions(+), 34 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 4e809940db0..1656ffc8b5e 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 16:54:59.886795 for version 6.1.38"
+# Generated at 2023-09-23 10:45:45.248445 for version 6.1.46
 
 python check_kernel_cve_status_version() {
-    this_version = "6.1.38"
+    this_version = "6.1.46"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4839,6 +4839,8 @@  CVE_CHECK_IGNORE += "CVE-2020-27194"
 # fixed-version: Fixed after version 5.6rc4
 CVE_CHECK_IGNORE += "CVE-2020-2732"
 
+# CVE-2020-27418 has no known resolution
+
 # fixed-version: Fixed after version 5.10rc1
 CVE_CHECK_IGNORE += "CVE-2020-27673"
 
@@ -6464,7 +6466,8 @@  CVE_CHECK_IGNORE += "CVE-2022-40768"
 # fixed-version: Fixed after version 6.0rc4
 CVE_CHECK_IGNORE += "CVE-2022-4095"
 
-# CVE-2022-40982 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2022-40982"
 
 # cpe-stable-backport: Backported in 6.1.4
 CVE_CHECK_IGNORE += "CVE-2022-41218"
@@ -6546,9 +6549,9 @@  CVE_CHECK_IGNORE += "CVE-2022-4382"
 # fixed-version: Fixed after version 6.1rc1
 CVE_CHECK_IGNORE += "CVE-2022-43945"
 
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-44034 has no known resolution
 
@@ -6561,13 +6564,16 @@  CVE_CHECK_IGNORE += "CVE-2022-45869"
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45886"
 
-# CVE-2022-45887 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45887"
 
 # CVE-2022-45888 needs backporting (fixed from 6.2rc1)
 
-# CVE-2022-45919 has no known resolution
+# cpe-stable-backport: Backported in 6.1.33
+CVE_CHECK_IGNORE += "CVE-2022-45919"
 
 # fixed-version: Fixed after version 6.1
 CVE_CHECK_IGNORE += "CVE-2022-45934"
@@ -6629,7 +6635,8 @@  CVE_CHECK_IGNORE += "CVE-2022-48424"
 # cpe-stable-backport: Backported in 6.1.33
 CVE_CHECK_IGNORE += "CVE-2022-48425"
 
-# CVE-2022-48502 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2022-48502"
 
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
@@ -6643,7 +6650,8 @@  CVE_CHECK_IGNORE += "CVE-2023-0047"
 # fixed-version: Fixed after version 6.0rc4
 CVE_CHECK_IGNORE += "CVE-2023-0122"
 
-# CVE-2023-0160 has no known resolution
+# cpe-stable-backport: Backported in 6.1.28
+CVE_CHECK_IGNORE += "CVE-2023-0160"
 
 # cpe-stable-backport: Backported in 6.1.7
 CVE_CHECK_IGNORE += "CVE-2023-0179"
@@ -6726,7 +6734,8 @@  CVE_CHECK_IGNORE += "CVE-2023-1192"
 # fixed-version: Fixed after version 6.1rc3
 CVE_CHECK_IGNORE += "CVE-2023-1195"
 
-# CVE-2023-1206 needs backporting (fixed from 6.1.43)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-1206"
 
 # fixed-version: Fixed after version 5.18rc1
 CVE_CHECK_IGNORE += "CVE-2023-1249"
@@ -6809,11 +6818,14 @@  CVE_CHECK_IGNORE += "CVE-2023-2008"
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-2019"
 
-# CVE-2023-20569 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2023-20569"
 
-# CVE-2023-20588 has no known resolution
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-20588"
 
-# CVE-2023-20593 needs backporting (fixed from 6.1.41)
+# cpe-stable-backport: Backported in 6.1.41
+CVE_CHECK_IGNORE += "CVE-2023-20593"
 
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-20928"
@@ -6922,7 +6934,7 @@  CVE_CHECK_IGNORE += "CVE-2023-23559"
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2023-23586"
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+# CVE-2023-2430 needs backporting (fixed from 6.1.50)
 
 # cpe-stable-backport: Backported in 6.1.22
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -6933,6 +6945,8 @@  CVE_CHECK_IGNORE += "CVE-2023-25012"
 # fixed-version: Fixed after version 6.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-2513"
 
+# CVE-2023-25775 needs backporting (fixed from 6.1.53)
+
 # fixed-version: only affects 6.3rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-2598"
 
@@ -6979,7 +6993,8 @@  CVE_CHECK_IGNORE += "CVE-2023-28772"
 # cpe-stable-backport: Backported in 6.1.22
 CVE_CHECK_IGNORE += "CVE-2023-28866"
 
-# CVE-2023-2898 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-2898"
 
 # cpe-stable-backport: Backported in 6.1.16
 CVE_CHECK_IGNORE += "CVE-2023-2985"
@@ -7007,7 +7022,7 @@  CVE_CHECK_IGNORE += "CVE-2023-3106"
 
 # CVE-2023-31082 has no known resolution
 
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
@@ -7019,7 +7034,8 @@  CVE_CHECK_IGNORE += "CVE-2023-3111"
 # cpe-stable-backport: Backported in 6.1.35
 CVE_CHECK_IGNORE += "CVE-2023-3117"
 
-# CVE-2023-31248 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-31248"
 
 # cpe-stable-backport: Backported in 6.1.30
 CVE_CHECK_IGNORE += "CVE-2023-3141"
@@ -7083,7 +7099,8 @@  CVE_CHECK_IGNORE += "CVE-2023-3317"
 # cpe-stable-backport: Backported in 6.1.22
 CVE_CHECK_IGNORE += "CVE-2023-33203"
 
-# CVE-2023-33250 has no known resolution
+# fixed-version: only affects 6.2rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-33250"
 
 # cpe-stable-backport: Backported in 6.1.22
 CVE_CHECK_IGNORE += "CVE-2023-33288"
@@ -7123,12 +7140,14 @@  CVE_CHECK_IGNORE += "CVE-2023-34255"
 # cpe-stable-backport: Backported in 6.1.29
 CVE_CHECK_IGNORE += "CVE-2023-34256"
 
-# CVE-2023-34319 has no known resolution
+# cpe-stable-backport: Backported in 6.1.44
+CVE_CHECK_IGNORE += "CVE-2023-34319"
 
 # fixed-version: Fixed after version 5.18rc5
 CVE_CHECK_IGNORE += "CVE-2023-3439"
 
-# CVE-2023-35001 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-35001"
 
 # cpe-stable-backport: Backported in 6.1.11
 CVE_CHECK_IGNORE += "CVE-2023-3567"
@@ -7161,19 +7180,25 @@  CVE_CHECK_IGNORE += "CVE-2023-3609"
 # cpe-stable-backport: Backported in 6.1.36
 CVE_CHECK_IGNORE += "CVE-2023-3610"
 
-# CVE-2023-3611 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3611"
 
 # CVE-2023-3640 has no known resolution
 
-# CVE-2023-37453 has no known resolution
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-37453"
 
 # CVE-2023-37454 has no known resolution
 
-# CVE-2023-3772 has no known resolution
+# CVE-2023-3772 needs backporting (fixed from 6.1.47)
 
-# CVE-2023-3773 has no known resolution
+# CVE-2023-3773 needs backporting (fixed from 6.1.47)
 
-# CVE-2023-3776 needs backporting (fixed from 6.1.40)
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3776"
+
+# cpe-stable-backport: Backported in 6.1.42
+CVE_CHECK_IGNORE += "CVE-2023-3777"
 
 # fixed-version: Fixed after version 6.1rc4
 CVE_CHECK_IGNORE += "CVE-2023-3812"
@@ -7202,25 +7227,89 @@  CVE_CHECK_IGNORE += "CVE-2023-38431"
 # cpe-stable-backport: Backported in 6.1.36
 CVE_CHECK_IGNORE += "CVE-2023-38432"
 
-# CVE-2023-3863 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-3863"
 
-# CVE-2023-4004 needs backporting (fixed from 6.1.42)
+# cpe-stable-backport: Backported in 6.1.36
+CVE_CHECK_IGNORE += "CVE-2023-3865"
+
+# cpe-stable-backport: Backported in 6.1.36
+CVE_CHECK_IGNORE += "CVE-2023-3866"
+
+# cpe-stable-backport: Backported in 6.1.40
+CVE_CHECK_IGNORE += "CVE-2023-3867"
+
+# cpe-stable-backport: Backported in 6.1.42
+CVE_CHECK_IGNORE += "CVE-2023-4004"
 
 # CVE-2023-4010 has no known resolution
 
-# CVE-2023-4128 needs backporting (fixed from 6.5rc5)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-4015"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-40283"
 
-# CVE-2023-4132 needs backporting (fixed from 6.1.39)
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4128"
+
+# cpe-stable-backport: Backported in 6.1.39
+CVE_CHECK_IGNORE += "CVE-2023-4132"
 
 # CVE-2023-4133 needs backporting (fixed from 6.3)
 
 # CVE-2023-4134 needs backporting (fixed from 6.5rc1)
 
-# CVE-2023-4147 needs backporting (fixed from 6.1.43)
+# cpe-stable-backport: Backported in 6.1.43
+CVE_CHECK_IGNORE += "CVE-2023-4147"
+
+# cpe-stable-backport: Backported in 6.1.46
+CVE_CHECK_IGNORE += "CVE-2023-4155"
+
+# fixed-version: only affects 6.3rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4194"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4206"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4207"
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4208"
+
+# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+
+# cpe-stable-backport: Backported in 6.1.45
+CVE_CHECK_IGNORE += "CVE-2023-4273"
+
+# fixed-version: Fixed after version 5.19rc1
+CVE_CHECK_IGNORE += "CVE-2023-4385"
+
+# fixed-version: Fixed after version 5.18
+CVE_CHECK_IGNORE += "CVE-2023-4387"
+
+# fixed-version: Fixed after version 5.18rc3
+CVE_CHECK_IGNORE += "CVE-2023-4389"
+
+# fixed-version: Fixed after version 6.0rc3
+CVE_CHECK_IGNORE += "CVE-2023-4394"
+
+# fixed-version: Fixed after version 5.18
+CVE_CHECK_IGNORE += "CVE-2023-4459"
+
+# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+
+# CVE-2023-4569 needs backporting (fixed from 6.1.47)
+
+# fixed-version: only affects 6.4rc1 onwards
+CVE_CHECK_IGNORE += "CVE-2023-4611"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
 
-# CVE-2023-4155 has no known resolution
+# CVE-2023-4623 needs backporting (fixed from 6.1.53)
 
-# CVE-2023-4194 needs backporting (fixed from 6.5rc5)
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
 
-# CVE-2023-4273 needs backporting (fixed from 6.5rc5)
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)