From patchwork Tue Sep 19 16:31:15 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ross Burton
X-Patchwork-Id: 30738
Return-Path:
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35163CE79AA for ; Tue, 19 Sep 2023 16:31:29 +0000 (UTC)
Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.14301.1695141078788503467 for ; Tue, 19 Sep 2023 09:31:19 -0700
Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 30C731FB; Tue, 19 Sep 2023 09:31:55 -0700 (PDT)
Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 66D543F5A1; Tue, 19 Sep 2023 09:31:17 -0700 (PDT)
From: ross.burton@arm.com
To: openembedded-core@lists.openembedded.org
Cc: nd@arm.com
Subject: [PATCH] linux-yocto: update CVE ignores
Date: Tue, 19 Sep 2023 17:31:15 +0100
Message-Id: <20230919163115.597297-1-ross.burton@arm.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Sep 2023 16:31:29 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/187874

From: Ross Burton

Signed-off-by: Ross Burton
---
 .../linux/cve-exclusion_6.1.inc | 52 +++++++++++++++----
 .../linux/cve-exclusion_6.4.inc | 50 +++++++++++++++---
 2 files changed, 85 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index 41ee8bcad59..90b07f0da5b 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-09-07 15:29:54.983415+00:00 for version 6.1.51 +# Generated at 2023-09-19 16:30:43.403752+00:00 for version 6.1.51 python check_kernel_cve_status_version() { this_version = "6.1.51" @@ -4518,9 +4518,9 @@ CVE_STATUS[CVE-2022-4382] = "cpe-stable-backport: Backported in 6.1.8" CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" -# CVE-2022-44032 has no known resolution +# CVE-2022-44032 needs backporting (fixed from 6.4rc1) -# CVE-2022-44033 has no known resolution +# CVE-2022-44033 needs backporting (fixed from 6.4rc1) # CVE-2022-44034 has no known resolution @@ -4532,13 +4532,13 @@ CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7" # CVE-2022-45885 has no known resolution -# CVE-2022-45886 has no known resolution +CVE_STATUS[CVE-2022-45886] = "cpe-stable-backport: Backported in 6.1.33" -# CVE-2022-45887 has no known resolution +CVE_STATUS[CVE-2022-45887] = "cpe-stable-backport: Backported in 6.1.33" # CVE-2022-45888 needs backporting (fixed from 6.2rc1) -# CVE-2022-45919 has no known resolution +CVE_STATUS[CVE-2022-45919] = "cpe-stable-backport: Backported in 6.1.33" CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1" @@ -4786,7 +4786,7 @@ CVE_STATUS[CVE-2023-23559] = "cpe-stable-backport: Backported in 6.1.9" CVE_STATUS[CVE-2023-23586] = "fixed-version: Fixed from version 5.12rc1" -# CVE-2023-2430 needs backporting (fixed from 6.2rc5) +CVE_STATUS[CVE-2023-2430] = "cpe-stable-backport: Backported in 6.1.50" CVE_STATUS[CVE-2023-2483] = "cpe-stable-backport: Backported in 6.1.22" 
@@ -4794,6 +4794,8 @@ CVE_STATUS[CVE-2023-25012] = "cpe-stable-backport: Backported in 6.1.16" CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1" +# CVE-2023-25775 needs backporting (fixed from 6.1.53) + CVE_STATUS[CVE-2023-2598] = "fixed-version: only affects 6.3rc1 onwards" # CVE-2023-26242 has no known resolution @@ -4848,7 +4850,7 @@ CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7" # CVE-2023-31082 has no known resolution -# CVE-2023-31083 has no known resolution +# CVE-2023-31083 needs backporting (fixed from 6.6rc1) # CVE-2023-31084 needs backporting (fixed from 6.4rc3) @@ -4962,7 +4964,7 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40" # CVE-2023-3640 has no known resolution -# CVE-2023-37453 has no known resolution +CVE_STATUS[CVE-2023-37453] = "fixed-version: only affects 6.3rc1 onwards" # CVE-2023-37454 has no known resolution @@ -4972,6 +4974,8 @@ CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.1.47" CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40" +CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.1.42" + CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4" CVE_STATUS[CVE-2023-38409] = "cpe-stable-backport: Backported in 6.1.25" 
@@ -4992,10 +4996,18 @@ CVE_STATUS[CVE-2023-38432] = "cpe-stable-backport: Backported in 6.1.36" CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.1.39" +CVE_STATUS[CVE-2023-3865] = "cpe-stable-backport: Backported in 6.1.36" + +CVE_STATUS[CVE-2023-3866] = "cpe-stable-backport: Backported in 6.1.36" + +CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.1.40" + CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" # CVE-2023-4010 has no known resolution +CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.1.43" + CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45" CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45" @@ -5012,6 +5024,14 @@ CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46" CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards" +CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.1.45" + +CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.1.45" + +CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.1.45" + +# CVE-2023-4244 needs backporting (fixed from 6.5rc7) + CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45" CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1" @@ -5024,3 +5044,17 @@ CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3" CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18" +# CVE-2023-4563 needs backporting (fixed from 6.5rc6) + +CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.1.47" + +CVE_STATUS[CVE-2023-4611] = "fixed-version: only affects 6.4rc1 onwards" + +# CVE-2023-4622 needs backporting (fixed from 6.5rc1) + +# CVE-2023-4623 needs backporting (fixed from 6.1.53) + +# CVE-2023-4881 needs backporting (fixed from 6.6rc1) + +# CVE-2023-4921 needs backporting (fixed from 6.6rc1) + 
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc index 5a5eb9a755f..d64ab0092d6 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-09-07 15:30:03.897686+00:00 for version 6.4.14 +# Generated at 2023-09-19 16:30:35.921888+00:00 for version 6.4.14 python check_kernel_cve_status_version() { this_version = "6.4.14" @@ -4518,9 +4518,9 @@ CVE_STATUS[CVE-2022-4382] = "fixed-version: Fixed from version 6.2rc5" CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" -# CVE-2022-44032 has no known resolution +CVE_STATUS[CVE-2022-44032] = "fixed-version: Fixed from version 6.4rc1" -# CVE-2022-44033 has no known resolution +CVE_STATUS[CVE-2022-44033] = "fixed-version: Fixed from version 6.4rc1" # CVE-2022-44034 has no known resolution @@ -4532,13 +4532,13 @@ CVE_STATUS[CVE-2022-45869] = "fixed-version: Fixed from version 6.1rc7" # CVE-2022-45885 has no known resolution -# CVE-2022-45886 has no known resolution +CVE_STATUS[CVE-2022-45886] = "fixed-version: Fixed from version 6.4rc3" -# CVE-2022-45887 has no known resolution +CVE_STATUS[CVE-2022-45887] = "fixed-version: Fixed from version 6.4rc3" CVE_STATUS[CVE-2022-45888] = "fixed-version: Fixed from version 6.2rc1" -# CVE-2022-45919 has no known resolution +CVE_STATUS[CVE-2022-45919] = "fixed-version: Fixed from version 6.4rc3" CVE_STATUS[CVE-2022-45934] = "fixed-version: Fixed from version 6.1" @@ -4794,6 +4794,8 @@ CVE_STATUS[CVE-2023-25012] = "fixed-version: Fixed from version 6.3rc1" CVE_STATUS[CVE-2023-2513] = "fixed-version: Fixed from version 6.0rc1" +# CVE-2023-25775 needs backporting (fixed from 6.4.16) + CVE_STATUS[CVE-2023-2598] = "fixed-version: Fixed from version 6.4rc1" # CVE-2023-26242 has no known resolution 
@@ -4848,7 +4850,7 @@ CVE_STATUS[CVE-2023-3106] = "fixed-version: Fixed from version 4.8rc7" # CVE-2023-31082 has no known resolution -# CVE-2023-31083 has no known resolution +# CVE-2023-31083 needs backporting (fixed from 6.6rc1) CVE_STATUS[CVE-2023-31084] = "fixed-version: Fixed from version 6.4rc3" @@ -4962,7 +4964,7 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.4.5" # CVE-2023-3640 has no known resolution -# CVE-2023-37453 has no known resolution +# CVE-2023-37453 needs backporting (fixed from 6.4.16) # CVE-2023-37454 has no known resolution @@ -4972,6 +4974,8 @@ CVE_STATUS[CVE-2023-3773] = "cpe-stable-backport: Backported in 6.4.12" CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5" +CVE_STATUS[CVE-2023-3777] = "cpe-stable-backport: Backported in 6.4.7" + CVE_STATUS[CVE-2023-3812] = "fixed-version: Fixed from version 6.1rc4" CVE_STATUS[CVE-2023-38409] = "fixed-version: Fixed from version 6.3rc7" @@ -4992,10 +4996,18 @@ CVE_STATUS[CVE-2023-38432] = "fixed-version: Fixed from version 6.4" CVE_STATUS[CVE-2023-3863] = "cpe-stable-backport: Backported in 6.4.4" +CVE_STATUS[CVE-2023-3865] = "fixed-version: Fixed from version 6.4" + +CVE_STATUS[CVE-2023-3866] = "fixed-version: Fixed from version 6.4" + +CVE_STATUS[CVE-2023-3867] = "cpe-stable-backport: Backported in 6.4.5" + CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7" # CVE-2023-4010 has no known resolution +CVE_STATUS[CVE-2023-4015] = "cpe-stable-backport: Backported in 6.4.8" + CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.4.10" CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.4.10" 
@@ -5012,6 +5024,14 @@ CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.4.11" CVE_STATUS[CVE-2023-4194] = "cpe-stable-backport: Backported in 6.4.10" +CVE_STATUS[CVE-2023-4206] = "cpe-stable-backport: Backported in 6.4.10" + +CVE_STATUS[CVE-2023-4207] = "cpe-stable-backport: Backported in 6.4.10" + +CVE_STATUS[CVE-2023-4208] = "cpe-stable-backport: Backported in 6.4.10" + +CVE_STATUS[CVE-2023-4244] = "cpe-stable-backport: Backported in 6.4.12" + CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10" CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed from version 5.19rc1" @@ -5024,3 +5044,17 @@ CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed from version 6.0rc3" CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed from version 5.18" +CVE_STATUS[CVE-2023-4563] = "cpe-stable-backport: Backported in 6.4.11" + +CVE_STATUS[CVE-2023-4569] = "cpe-stable-backport: Backported in 6.4.12" + +CVE_STATUS[CVE-2023-4611] = "cpe-stable-backport: Backported in 6.4.8" + +# CVE-2023-4622 needs backporting (fixed from 6.5rc1) + +# CVE-2023-4623 needs backporting (fixed from 6.4.16) + +# CVE-2023-4881 needs backporting (fixed from 6.6rc1) + +# CVE-2023-4921 needs backporting (fixed from 6.6rc1) +
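Review bot: The "needs backporting" wording is misleading for fixes that already sit on the same stable branch as this_version. In cve-exclusion_6.1.inc (hunks at 4794 and 5024,3) CVE-2023-25775 and CVE-2023-4623 are marked "needs backporting (fixed from 6.1.53)" while this_version is "6.1.51", and in cve-exclusion_6.4.inc CVE-2023-25775, CVE-2023-37453 and CVE-2023-4623 are marked "fixed from 6.4.16" while this_version is "6.4.14". Nothing needs backporting there: a stable point-release bump of the recipe closes them, whereas entries such as "fixed from 6.5rc1" or "fixed from 6.6rc1" really do need a backport. Because these lines are comments rather than CVE_STATUS assignments, the CVEs stay open in the scan output, which is correct, but it would help triage if the generated comment distinguished "fixed in a later stable release of this series" from "fixed only in a newer series", or if this patch were paired with a bump to 6.1.53 / 6.4.16 so the entries become cpe-stable-backport.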
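Review bot: Missing provenance in the header hunks (@@ -1,6 +1,6 @@ of both files) and in the commit message. Only the "Generated at" timestamp changes while the version stays at 6.1.51 and 6.4.14, and the commit message has no body, so there is no record of which snapshot of the upstream CVE data produced these statuses. Since the files are marked "DO NOT EDIT BY HAND" and several entries flip from "has no known resolution" to a fixed or backported status (for example CVE-2022-45886, CVE-2022-45887, CVE-2022-45919), a reviewer cannot reproduce or spot-check the result. Please state the data source and its revision or date in the commit message, and consider having the generated header record it next to the timestamp.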