From: Ross Burton <ross.burton@arm.com>
Date: Thu, 25 Sep 2025 14:05:09 +0000 (+0200)
Subject: grub2: mark CVE-2024-2312 as not applicable
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=37c224f51817a948f2558f78eec23a3b1df1cb24;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

grub2: mark CVE-2024-2312 as not applicable

This issue is specific to the peimage module that Ubuntu add, and is not
an upstream issue.

(From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index db053b27b0..22d5b3fc07 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -44,6 +44,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
+CVE_STATUS[CVE-2024-2312]  = "not-applicable-platform: Applies only to Ubuntu"
 
 DEPENDS = "flex-native bison-native gettext-native"