Hi Steve! On 5/10/23 00:32, Steve Sakoman wrote: > From: Yoann Congal <yoann.con...@smile.fr> > > Exclude CVEs that are fixed in both current linux-yocto version > v5.10.175 and v5.15.108. > > To get the commit fixing a CVE, I used the Debian kernel-sec repo [1]. > > [1]: > https://salsa.debian.org/kernel-team/kernel-sec/-/commit/86d5040aee9275f9555458fcaf9cb43710dff398 > > Signed-off-by: Yoann Congal <yoann.con...@smile.fr> > Signed-off-by: Steve Sakoman <st...@sakoman.com> > --- > meta/recipes-kernel/linux/cve-exclusion.inc | 875 ++++++++++++++++++++ > meta/recipes-kernel/linux/linux-yocto.inc | 3 + > 2 files changed, 878 insertions(+) > create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc > > diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc > b/meta/recipes-kernel/linux/cve-exclusion.inc > new file mode 100644 > index 0000000000..7fd362881a > --- /dev/null > +++ b/meta/recipes-kernel/linux/cve-exclusion.inc > @@ -0,0 +1,875 @@ > +# Kernel CVE exclusion file > +
.../... > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2503 > +# Patched in kernel since v5.19 4caae58406f8ceb741603eee460d79bacca9b1b5 > +# Backported in version v5.4.197 fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 > +# Backported in version v5.10.120 8df42bcd364cc3b41105215d841792aea787b133 > +# Backported in version v5.15.45 69712b170237ec5979f168149cd31e851a465853 > +CVE_CHECK_IGNORE += "CVE-2022-2503" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-26365 > +# Patched in kernel since v5.19 2f446ffe9d737e9a844b97887919c4fda18246e7 > +# Backported in version v5.4.204 42112e8f94617d83943f8f3b8de2b66041905506 > +# Backported in version v5.10.129 cfea428030be836d79a7690968232bb7fa4410f1 > +# Backported in version v5.15.53 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 > +CVE_CHECK_IGNORE += "CVE-2022-26365" > + > +# https://nvd.nist.gov/vuln/detail/CVE-2022-2663 > +# Patched in kernel since v6.0 e8d5dfd1d8747b56077d02664a8838c71ced948e > +# Backported in version v5.4.215 d0a24bc8e2aa703030d80affa3e5237fe3ad4dd2 > +# Backported in version v5.10.146 9a5d7e0acb41bb2aac552f8eeb4b404177f3f66d > +# Backported in version v5.15.71 dc33ffbc361e2579a8f31b8724ef85d4117440e4 > +# Backported in version v5.19.12 510ea9eae5ee45f4e443023556532bda99387351 > +CVE_CHECK_IGNORE += "CVE-2022-2663"

I just noticed that the list is not sorted :( I'll send a V2 sorted (This will make the next iterations cleaner)

--
Yoann Congal
Smile ECS - Tech Expert
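
Review bot: every `CVE_CHECK_IGNORE += "CVE-..."` line in cve-exclusion.inc is unconditional, while the kernel versions that justify it appear only in the comment lines above it. The commit message says the entries hold for v5.10.175 and v5.15.108, but nothing in the visible entries ties the exclusion to those versions, so a kernel recipe built from an older point release would still have these CVEs suppressed in the cve-check report. Consider recording the baseline versions the file was generated against alongside the entries and regenerating it on each version bump, so that a stale ignore is noticed. On the ordering planned for V2: in the three visible entries CVE-2022-26365 sits between CVE-2022-2503 and CVE-2022-2663, which is string order; sorting numerically on the year and sequence number would keep later additions in predictable positions and the diffs small.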