[OE-core][nanbield 07/23] linux-yocto/6.1: update CVE exclusions

Fri, 26 Jan 2024 18:37:56 -0800 

From: Bruce Ashfield <bruce.ashfi...@gmail.com>

Data pulled from: https://github.com/nluedtke/linux_kernel_cves

    1/1 [
        Author: Nicholas Luedtke
        Email: nicholas.lued...@uwalumni.com
        Subject: Update 27Dec23
        Date: Wed, 27 Dec 2023 19:47:13 -0500

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfi...@gmail.com>
(cherry picked from commit b303a7dd260ad3f6a9e6f1b8099b86efcc8373a9)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
 .../linux/cve-exclusion_6.1.inc               | 44 +++++++++++++++++--
 1 file changed, 40 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc 
b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index 1b51737c7d..0bf7edbce8 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68
+# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70
 
 python check_kernel_cve_status_version() {
-    this_version = "6.1.68"
+    this_version = "6.1.70"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -5106,11 +5106,21 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: 
Backported in 6.1.54"
 
 CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
 
+# CVE-2023-50431 has no known resolution
+
 CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
 
 CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
 
-# CVE-2023-5178 needs backporting (fixed from 6.1.60)
+# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
+
+CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"
+
+CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69"
+
+CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69"
+
+CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69"
 
 CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
 
@@ -5120,7 +5130,7 @@ CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 
6.2 onwards"
 
 # CVE-2023-5717 needs backporting (fixed from 6.1.60)
 
-# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
+CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
@@ -5132,3 +5142,29 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: 
Backported in 6.1.54"
 
 # CVE-2023-6238 has no known resolution
 
+# CVE-2023-6356 has no known resolution
+
+# CVE-2023-6535 has no known resolution
+
+# CVE-2023-6536 has no known resolution
+
+CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47"
+
+# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
+
+# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
+
+# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
+
+CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68"
+
+# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
+
+CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68"
+
+CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68"
+
+CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66"
+
+# CVE-2023-7042 has no known resolution
+
-- 
2.34.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#194416): 
https://lists.openembedded.org/g/openembedded-core/message/194416
Mute This Topic: https://lists.openembedded.org/mt/103990271/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to