Hi, On 4/4/23 18:44, Richard Purdie wrote: > Exclude some CVEs where the patches were backported to the stable series > kernels we have.> > https://www.linuxkernelcves.com/cves/CVE-XXXX-XXXX is useful to help > with this. > > Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org> > --- > .../distro/include/cve-extra-exclusions.inc | 40 +++++++++++++++++++ > 1 file changed, 40 insertions(+) > > diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc > b/meta/conf/distro/include/cve-extra-exclusions.inc > index a281a8ac65c..680f613c9f9 100644 > --- a/meta/conf/distro/include/cve-extra-exclusions.inc > +++ b/meta/conf/distro/include/cve-extra-exclusions.inc > @@ -381,6 +381,46 @@ CVE_CHECK_IGNORE += "CVE-2023-0266" > # Backported in version v6.1.7 0afa5f0736584411771299074bbeca8c1f9706d4 > CVE_CHECK_IGNORE += "CVE-2023-0394" > > +# https://nvd.nist.gov/vuln/detail/CVE-2023-0461 > +# Introduced in version 4.13 734942cc4ea6478eed125af258da1bdbb4afe578 > +# Patched in kernel v6.2 2c02d41d71f90a5168391b6a5f2954112ba2307c > +# Backported in version v6.1.5 7d242f4a0c8319821548c7176c09a6e0e71f223c > +# Backported in version v5.15.88 dadd0dcaa67d27f550131de95c8e182643d2c9d6 > +CVE_CHECK_IGNORE += "CVE-2023-0461" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2023-0386 > +# Introduced in 5.11 459c7c565ac36ba09ffbf24231147f408fde4203 > +# Patched in kernel v6.2 4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 > +# Backported in version 6.1.9 42fea1c35254c49cce07c600d026cbc00c6d3c81 > +# Backported in version 5.15.91 e91308e63710574c4b6a0cadda3e042a3699666e > +CVE_CHECK_IGNORE += "CVE-2023-0386" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2023-1073 > +# Introduced in 1b15d2e5b8077670b1e6a33250a0d9577efff4a5
The earliest version containing this commit is v3.16 > +# Patched in kernel v6.2 b12fece4c64857e5fab4290bf01b2e0317a88456 > +# Backported in version 5.10.166 You are missing the SHA1 here : It is 5dc3469a1170dd1344d262a332b26994214eeb58 > +# Backported in version 5.15.91 2b49568254365c9c247beb0eabbaa15d0e279d64 > +# Backported in version 6.1.9 cdcdc0531a51659527fea4b4d064af343452062d > +CVE_CHECK_IGNORE += "CVE-2023-1073" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2023-1074 > +# Patched in kernel v6.2 458e279f861d3f61796894cd158b780765a1569f > +# Backported in version 5.15.91 3391bd42351be0beb14f438c7556912b9f96cb32 > +# Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3 > +CVE_CHECK_IGNORE += "CVE-2023-1074" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2023-1077 > +# Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97 > +# Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 > +# Backported in version 6.1.16 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 > +CVE_CHECK_IGNORE += "CVE-2023-1077" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2023-1078 > +# Patched in kernel 6.2 f753a68980cf4b59a80fe677619da2b1804f526d > +# Backported in version 5.15.94 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba > +# Backported in version 6.1.12 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 > +CVE_CHECK_IGNORE += "CVE-2023-1078" > + > # Wrong CPE in NVD database > # https://nvd.nist.gov/vuln/detail/CVE-2022-3563 > # https://nvd.nist.gov/vuln/detail/CVE-2022-3637 Apart from these two comments: Reviewed-by: Yoann Congal <yoann.con...@smile.fr> Regards, -- Yoann Congal Smile ECS - Tech Expert
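Review bot: The CVE-2023-1074, CVE-2023-1077 and CVE-2023-1078 entries have no "Introduced in" line, unlike the CVE-2023-0461, CVE-2023-0386 and CVE-2023-1073 entries in the same hunk, so the file does not show whether stable branches without a listed backport were ever affected. Please add the introducing commit and version for each, or say that it is unknown. The notation also varies within the hunk: "v6.1.5" and "v5.15.88" against "6.1.9" and "5.15.91", "kernel v6.2" against "kernel 6.2" and "6.3rc1", and the backport lines run newest branch first for CVE-2023-0461 and CVE-2023-0386 but oldest first for the others. Using one version format and one ordering throughout makes it easier to grep the file when checking whether a given kernel version is actually covered by an exclusion.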