linux-yocto/6.12: update CVE exclusions (6.12.39)

author Bruce Ashfield <bruce.ashfield@gmail.com>

Wed, 13 Aug 2025 20:49:16 +0000 (16:49 -0400)

committer Steve Sakoman <steve@sakoman.com>

Fri, 12 Sep 2025 16:53:54 +0000 (09:53 -0700)
author Bruce Ashfield <bruce.ashfield@gmail.com>
Wed, 13 Aug 2025 20:49:16 +0000 (16:49 -0400)
committer Steve Sakoman <steve@sakoman.com>
Fri, 12 Sep 2025 16:53:54 +0000 (09:53 -0700)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc

index 924e3b90cac89dc912a529912a2bbcaf05f631a7..b408071a6744511a50b054e528e5c10e7133324a 100644 (file)
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,12 +1,12 @@
  
  # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-07-15 14:54:42.649263+00:00 for kernel version 6.12.38
-# From linux_kernel_cves cve_2025-07-15_1400Z-4-gc77733e1fe6
+# Generated at 2025-07-18 14:17:49.367230+00:00 for kernel version 6.12.39
+# From linux_kernel_cves cve_2025-07-18_1400Z
  
  
  
  python check_kernel_cve_status_version() {
-    this_version = "6.12.38"
+    this_version = "6.12.39"
      kernel_version = d.getVar("LINUX_VERSION")
      if kernel_version != this_version:
          bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4133,7 +4133,7 @@ CVE_STATUS[CVE-2022-49962] = "fixed-version: Fixed from version 6.0"
  
  CVE_STATUS[CVE-2022-49963] = "fixed-version: Fixed from version 6.0"
  
-CVE_STATUS[CVE-2022-49964] = "fixed-version: Fixed from version 6.0"
+CVE_STATUS[CVE-2022-49964] = "fixed-version: Fixed from version 5.19.7"
  
  CVE_STATUS[CVE-2022-49965] = "fixed-version: Fixed from version 6.0"
  
@@ -5583,8 +5583,6 @@ CVE_STATUS[CVE-2023-52999] = "fixed-version: Fixed from version 6.2"
  
  CVE_STATUS[CVE-2023-53000] = "fixed-version: Fixed from version 6.2"
  
-CVE_STATUS[CVE-2023-53001] = "fixed-version: Fixed from version 6.2"
-
  CVE_STATUS[CVE-2023-53002] = "fixed-version: Fixed from version 6.2"
  
  CVE_STATUS[CVE-2023-53003] = "fixed-version: Fixed from version 6.2"
@@ -13673,7 +13671,7 @@ CVE_STATUS[CVE-2025-38065] = "cpe-stable-backport: Backported in 6.12.31"
  
  CVE_STATUS[CVE-2025-38066] = "cpe-stable-backport: Backported in 6.12.31"
  
-# CVE-2025-38067 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-38067] = "cpe-stable-backport: Backported in 6.12.39"
  
  CVE_STATUS[CVE-2025-38068] = "cpe-stable-backport: Backported in 6.12.31"
  
@@ -13747,7 +13745,7 @@ CVE_STATUS[CVE-2025-38102] = "cpe-stable-backport: Backported in 6.12.34"
  
  CVE_STATUS[CVE-2025-38103] = "cpe-stable-backport: Backported in 6.12.34"
  
-# CVE-2025-38104 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-38104] = "cpe-stable-backport: Backported in 6.12.39"
  
  # CVE-2025-38105 needs backporting (fixed from 6.16rc1)
  
@@ -14237,6 +14235,8 @@ CVE_STATUS[CVE-2025-38347] = "cpe-stable-backport: Backported in 6.12.35"
  
  CVE_STATUS[CVE-2025-38348] = "cpe-stable-backport: Backported in 6.12.35"
  
+CVE_STATUS[CVE-2025-38349] = "cpe-stable-backport: Backported in 6.12.39"
+
  CVE_STATUS[CVE-2025-38479] = "cpe-stable-backport: Backported in 6.12.23"
  
  CVE_STATUS[CVE-2025-38575] = "cpe-stable-backport: Backported in 6.12.23"
author	Bruce Ashfield <bruce.ashfield@gmail.com>
	Wed, 13 Aug 2025 20:49:16 +0000 (16:49 -0400)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 12 Sep 2025 16:53:54 +0000 (09:53 -0700)