From patchwork Mon Aug 21 12:11:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 29197 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39A16EE49A6 for ; Mon, 21 Aug 2023 12:12:04 +0000 (UTC) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.9362.1692619923411974322 for ; Mon, 21 Aug 2023 05:12:03 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 3401F143D; Mon, 21 Aug 2023 05:12:43 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id DC9B13F762; Mon, 21 Aug 2023 05:12:01 -0700 (PDT) From: ross.burton@arm.com To: openembedded-core@lists.openembedded.org Cc: nd@arm.com Subject: [PATCH 2/2] linux/cve-exclusions: update CVE_STATUS exclusions Date: Mon, 21 Aug 2023 13:11:59 +0100 Message-Id: <20230821121159.3924600-2-ross.burton@arm.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230821121159.3924600-1-ross.burton@arm.com> References: <20230821121159.3924600-1-ross.burton@arm.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 21 Aug 2023 12:12:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/186436 From: Ross Burton Signed-off-by: Ross Burton --- .../linux/cve-exclusion_6.1.inc | 42 +++++++++++++++++-- .../linux/cve-exclusion_6.4.inc | 42 +++++++++++++++++-- 2 files changed, 78 insertions(+), 6 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 2441788008a..499785f6d2d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,5 +1,5 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-08-09 15:51:19.757857 for version 6.1.43 +# Generated at 2023-08-21 12:41:13.991251 for version 6.1.43 CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed after version 2.6.12rc2" @@ -4451,6 +4451,8 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1" CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" +# CVE-2022-40982 has no known resolution + CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4" CVE_STATUS[CVE-2022-41222] = "fixed-version: Fixed after version 5.14rc1" @@ -4635,7 +4637,7 @@ CVE_STATUS[CVE-2023-1192] = "cpe-stable-backport: Backported in 6.1.33" CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed after version 6.1rc3" -# CVE-2023-1206 has no known resolution +CVE_STATUS[CVE-2023-1206] = "cpe-stable-backport: Backported in 6.1.43" CVE_STATUS[CVE-2023-1249] = "fixed-version: Fixed after version 5.18rc1" @@ -4691,7 +4693,11 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4" CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" -# CVE-2023-20593 has no known resolution +# CVE-2023-20569 has no known resolution + +# CVE-2023-20588 has no known resolution + +CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41" CVE_STATUS[CVE-2023-20928] = "fixed-version: Fixed after version 6.0rc1" @@ -4709,6 +4715,10 @@ CVE_STATUS[CVE-2023-2124] = "cpe-stable-backport: Backported in 6.1.33" CVE_STATUS[CVE-2023-21255] = "cpe-stable-backport: Backported in 6.1.31" +# CVE-2023-21264 needs backporting (fixed from 6.4rc5) + +# CVE-2023-21400 has no known resolution + CVE_STATUS[CVE-2023-2156] = "cpe-stable-backport: Backported in 6.1.26" CVE_STATUS[CVE-2023-2162] = "cpe-stable-backport: Backported in 6.1.11" @@ -4777,6 +4787,8 @@ CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards" # CVE-2023-26242 has no known resolution +# CVE-2023-2640 has no known resolution + CVE_STATUS[CVE-2023-26544] = "cpe-stable-backport: Backported in 6.1.3" CVE_STATUS[CVE-2023-26545] = "cpe-stable-backport: Backported in 6.1.13" @@ -4867,6 +4879,8 @@ CVE_STATUS[CVE-2023-32258] = "cpe-stable-backport: Backported in 6.1.29" CVE_STATUS[CVE-2023-32269] = "cpe-stable-backport: Backported in 6.1.11" +# CVE-2023-32629 has no known resolution + CVE_STATUS[CVE-2023-3268] = "cpe-stable-backport: Backported in 6.1.28" CVE_STATUS[CVE-2023-3269] = "cpe-stable-backport: Backported in 6.1.37" @@ -4905,6 +4919,8 @@ CVE_STATUS[CVE-2023-34255] = "cpe-stable-backport: Backported in 6.1.33" CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29" +# CVE-2023-34319 has no known resolution + CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" CVE_STATUS[CVE-2023-35001] = "cpe-stable-backport: Backported in 6.1.39" @@ -4965,3 +4981,23 @@ CVE_STATUS[CVE-2023-38432] = "cpe-stable-backport: Backported in 6.1.36" CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39" +CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" + +# CVE-2023-4010 has no known resolution + +# CVE-2023-4128 needs backporting (fixed from 6.5rc5) + +CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39" + +# CVE-2023-4133 needs backporting (fixed from 6.3) + +# CVE-2023-4134 needs backporting (fixed from 6.5rc1) + +CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43" + +# CVE-2023-4155 has no known resolution + +# CVE-2023-4194 needs backporting (fixed from 6.5rc5) + +# CVE-2023-4273 needs backporting (fixed from 6.5rc5) + diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc index 98e9ee25a5b..b9210724bf0 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc @@ -1,5 +1,5 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-08-09 15:51:30.073765 for version 6.4.9 +# Generated at 2023-08-21 12:41:33.545124 for version 6.4.9 CVE_STATUS[CVE-2003-1604] = "fixed-version: Fixed after version 2.6.12rc2" @@ -4451,6 +4451,8 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1" CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4" +# CVE-2022-40982 has no known resolution + CVE_STATUS[CVE-2022-41218] = "fixed-version: Fixed after version 6.2rc1" CVE_STATUS[CVE-2022-41222] = "fixed-version: Fixed after version 5.14rc1" @@ -4635,7 +4637,7 @@ CVE_STATUS[CVE-2023-1192] = "fixed-version: Fixed after version 6.4rc1" CVE_STATUS[CVE-2023-1195] = "fixed-version: Fixed after version 6.1rc3" -# CVE-2023-1206 has no known resolution +CVE_STATUS[CVE-2023-1206] = "cpe-stable-backport: Backported in 6.4.8" CVE_STATUS[CVE-2023-1249] = "fixed-version: Fixed after version 5.18rc1" @@ -4691,7 +4693,11 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4" CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1" -# CVE-2023-20593 has no known resolution +# CVE-2023-20569 has no known resolution + +# CVE-2023-20588 has no known resolution + +CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.4.6" CVE_STATUS[CVE-2023-20928] = "fixed-version: Fixed after version 6.0rc1" @@ -4709,6 +4715,10 @@ CVE_STATUS[CVE-2023-2124] = "fixed-version: Fixed after version 6.4rc1" CVE_STATUS[CVE-2023-21255] = "fixed-version: Fixed after version 6.4rc4" +CVE_STATUS[CVE-2023-21264] = "fixed-version: Fixed after version 6.4rc5" + +# CVE-2023-21400 has no known resolution + CVE_STATUS[CVE-2023-2156] = "fixed-version: Fixed after version 6.3" CVE_STATUS[CVE-2023-2162] = "fixed-version: Fixed after version 6.2rc6" @@ -4777,6 +4787,8 @@ CVE_STATUS[CVE-2023-2598] = "fixed-version: Fixed after version 6.4rc1" # CVE-2023-26242 has no known resolution +# CVE-2023-2640 has no known resolution + CVE_STATUS[CVE-2023-26544] = "fixed-version: Fixed after version 6.2rc1" CVE_STATUS[CVE-2023-26545] = "fixed-version: Fixed after version 6.2" @@ -4867,6 +4879,8 @@ CVE_STATUS[CVE-2023-32258] = "fixed-version: Fixed after version 6.4rc1" CVE_STATUS[CVE-2023-32269] = "fixed-version: Fixed after version 6.2rc7" +# CVE-2023-32629 has no known resolution + CVE_STATUS[CVE-2023-3268] = "fixed-version: Fixed after version 6.4rc1" CVE_STATUS[CVE-2023-3269] = "cpe-stable-backport: Backported in 6.4.1" @@ -4905,6 +4919,8 @@ CVE_STATUS[CVE-2023-34255] = "fixed-version: Fixed after version 6.4rc1" CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed after version 6.4rc2" +# CVE-2023-34319 has no known resolution + CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5" CVE_STATUS[CVE-2023-35001] = "cpe-stable-backport: Backported in 6.4.4" @@ -4965,3 +4981,23 @@ CVE_STATUS[CVE-2023-38432] = "fixed-version: Fixed after version 6.4" CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.4.4" +CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7" + +# CVE-2023-4010 has no known resolution + +# CVE-2023-4128 needs backporting (fixed from 6.5rc5) + +CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.4.4" + +CVE_STATUS[CVE-2023-4133] = "fixed-version: Fixed after version 6.3" + +CVE_STATUS[CVE-2023-4134] = "cpe-stable-backport: Backported in 6.4.4" + +CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.4.8" + +# CVE-2023-4155 has no known resolution + +# CVE-2023-4194 needs backporting (fixed from 6.5rc5) + +# CVE-2023-4273 needs backporting (fixed from 6.5rc5) +