
linux-yocto: update CVE ignores

Message ID 20230919163115.597297-1-ross.burton@arm.com
State Accepted, archived
Commit 937817e5164f8af8452aec03ae3c45cb23d63df9

Commit Message

Ross Burton Sept. 19, 2023, 4:31 p.m. UTC
From: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../linux/cve-exclusion_6.1.inc               | 52 +++++++++++++++----
 .../linux/cve-exclusion_6.4.inc               | 50 +++++++++++++++---
 2 files changed, 85 insertions(+), 17 deletions(-)

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 41ee8bcad59..90b07f0da5b 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,6 +1,6 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-07 15:29:54.983415+00:00 for version 6.1.51
+# Generated at 2023-09-19 16:30:43.403752+00:00 for version 6.1.51
 
 python check_kernel_cve_status_version() {
     this_version = "6.1.51"
@@ -4518,9 +4518,9 @@  CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in 6.1.8"
 
 CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
 
-# CVE-2022-44032 has no known resolution
+# CVE-2022-44032 needs backporting (fixed from 6.4rc1)
 
-# CVE-2022-44033 has no known resolution
+# CVE-2022-44033 needs backporting (fixed from 6.4rc1)
 
 # CVE-2022-44034 has no known resolution
 
@@ -4532,13 +4532,13 @@  CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7"
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+CVE_STATUS[CVE-2022-45886] = "cpe-stable-backport: Backported in 6.1.33"
 
-# CVE-2022-45887 has no known resolution
+CVE_STATUS[CVE-2022-45887] = "cpe-stable-backport: Backported in 6.1.33"
 
 # CVE-2022-45888 needs backporting (fixed from 6.2rc1)
 
-# CVE-2022-45919 has no known resolution
+CVE_STATUS[CVE-2022-45919] = "cpe-stable-backport: Backported in 6.1.33"
 
 CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
 
@@ -4786,7 +4786,7 @@  CVE_STATUS[CVE-2023-23559] = "cpe-stable-backport: Backported in 6.1.9"
 
 CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1"
 
-# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
+CVE_STATUS[CVE-2023-2430] = "cpe-stable-backport: Backported in 6.1.50"
 
 CVE_STATUS[CVE-2023-2483] = "cpe-stable-backport: Backported in 6.1.22"
 
@@ -4794,6 +4794,8 @@  CVE_STATUS[CVE-2023-25012] = "cpe-stable-backport: Backported in 6.1.16"
 
 CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
 
+# CVE-2023-25775 needs backporting (fixed from 6.1.53)
+
 CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards"
 
 # CVE-2023-26242 has no known resolution
@@ -4848,7 +4850,7 @@  CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"
 
 # CVE-2023-31082 has no known resolution
 
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
 
 # CVE-2023-31084 needs backporting (fixed from 6.4rc3)
 
@@ -4962,7 +4964,7 @@  CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40"
 
 # CVE-2023-3640 has no known resolution
 
-# CVE-2023-37453 has no known resolution
+CVE_STATUS[CVE-2023-37453] = "fixed-version: only affects 6.3rc1 onwards"
 
 # CVE-2023-37454 has no known resolution
 
@@ -4972,6 +4974,8 @@  CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.1.47"
 
 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40"
 
+CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.1.42"
+
 CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
 
 CVE_STATUS[CVE-2023-38409] = "cpe-stable-backport: Backported in 6.1.25"
@@ -4992,10 +4996,18 @@  CVE_STATUS[CVE-2023-38432] = "cpe-stable-backport: Backported in 6.1.36"
 
 CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39"
 
+CVE_STATUS[CVE-2023-3865] = "cpe-stable-backport: Backported in 6.1.36"
+
+CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36"
+
+CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40"
+
 CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"
 
 # CVE-2023-4010 has no known resolution
 
+CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43"
+
 CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45"
 
 CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45"
@@ -5012,6 +5024,14 @@  CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46"
 
 CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards"
 
+CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45"
+
+# CVE-2023-4244 needs backporting (fixed from 6.5rc7)
+
 CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45"
 
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
@@ -5024,3 +5044,17 @@  CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"
 
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
 
+# CVE-2023-4563 needs backporting (fixed from 6.5rc6)
+
+CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47"
+
+CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+
+# CVE-2023-4623 needs backporting (fixed from 6.1.53)
+
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
+
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
index 5a5eb9a755f..d64ab0092d6 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
@@ -1,6 +1,6 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-09-07 15:30:03.897686+00:00 for version 6.4.14
+# Generated at 2023-09-19 16:30:35.921888+00:00 for version 6.4.14
 
 python check_kernel_cve_status_version() {
     this_version = "6.4.14"
@@ -4518,9 +4518,9 @@  CVE_STATUS[CVE-2022-4382] = "fixed-version: Fixed from version 6.2rc5"
 
 CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1"
 
-# CVE-2022-44032 has no known resolution
+CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1"
 
-# CVE-2022-44033 has no known resolution
+CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1"
 
 # CVE-2022-44034 has no known resolution
 
@@ -4532,13 +4532,13 @@  CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7"
 
 # CVE-2022-45885 has no known resolution
 
-# CVE-2022-45886 has no known resolution
+CVE_STATUS[CVE-2022-45886] = "fixed-version: Fixed from version 6.4rc3"
 
-# CVE-2022-45887 has no known resolution
+CVE_STATUS[CVE-2022-45887] = "fixed-version: Fixed from version 6.4rc3"
 
 CVE_STATUS[CVE-2022-45888] = "fixed-version: Fixed from version 6.2rc1"
 
-# CVE-2022-45919 has no known resolution
+CVE_STATUS[CVE-2022-45919] = "fixed-version: Fixed from version 6.4rc3"
 
 CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1"
 
@@ -4794,6 +4794,8 @@  CVE_STATUS[CVE-2023-25012] = "fixed-version: Fixed from version 6.3rc1"
 
 CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1"
 
+# CVE-2023-25775 needs backporting (fixed from 6.4.16)
+
 CVE_STATUS[CVE-2023-2598] = "fixed-version: Fixed from version 6.4rc1"
 
 # CVE-2023-26242 has no known resolution
@@ -4848,7 +4850,7 @@  CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7"
 
 # CVE-2023-31082 has no known resolution
 
-# CVE-2023-31083 has no known resolution
+# CVE-2023-31083 needs backporting (fixed from 6.6rc1)
 
 CVE_STATUS[CVE-2023-31084] = "fixed-version: Fixed from version 6.4rc3"
 
@@ -4962,7 +4964,7 @@  CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.4.5"
 
 # CVE-2023-3640 has no known resolution
 
-# CVE-2023-37453 has no known resolution
+# CVE-2023-37453 needs backporting (fixed from 6.4.16)
 
 # CVE-2023-37454 has no known resolution
 
@@ -4972,6 +4974,8 @@  CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.4.12"
 
 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5"
 
+CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.4.7"
+
 CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4"
 
 CVE_STATUS[CVE-2023-38409] = "fixed-version: Fixed from version 6.3rc7"
@@ -4992,10 +4996,18 @@  CVE_STATUS[CVE-2023-38432] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.4.4"
 
+CVE_STATUS[CVE-2023-3865] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3866] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.4.5"
+
 CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7"
 
 # CVE-2023-4010 has no known resolution
 
+CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.4.8"
+
 CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.4.10"
 
 CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.4.10"
@@ -5012,6 +5024,14 @@  CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.4.11"
 
 CVE_STATUS[CVE-2023-4194] = "cpe-stable-backport: Backported in 6.4.10"
 
+CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.4.12"
+
 CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10"
 
 CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1"
@@ -5024,3 +5044,17 @@  CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3"
 
 CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18"
 
+CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.4.11"
+
+CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.4.12"
+
+CVE_STATUS[CVE-2023-4611] = "cpe-stable-backport: Backported in 6.4.8"
+
+# CVE-2023-4622 needs backporting (fixed from 6.5rc1)
+
+# CVE-2023-4623 needs backporting (fixed from 6.4.16)
+
+# CVE-2023-4881 needs backporting (fixed from 6.6rc1)
+
+# CVE-2023-4921 needs backporting (fixed from 6.6rc1)
+