From: Bruce Ashfield Date: Fri, 5 Sep 2025 16:09:27 +0000 (-0400) Subject: linux-yocto/6.12: update CVE exclusions (6.12.44) X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f78db11847b54b32c2c3d6e86cf7e3a06dcd625;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git linux-yocto/6.12: update CVE exclusions (6.12.44) Data pulled from: https://github.com/CVEProject/cvelistV5 1/1 [ Author: cvelistV5 Github Action Email: github_action@example.com Subject: 3 changes (0 new | 3 updated): - 0 new CVEs: - 3 updated CVEs: CVE-2025-32100, CVE-2025-55852, CVE-2025-55944 Date: Wed, 3 Sep 2025 20:01:09 +0000 ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie --- diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index cc26368560..57b735ed34 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,11 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-08-21 13:18:00.380174+00:00 for kernel version 6.12.42 -# From linux_kernel_cves cve_2025-08-21_1200Z-2-g608fd2b01c2 +# Generated at 2025-09-03 20:06:37.780942+00:00 for kernel version 6.12.44 +# From linux_kernel_cves cve_2025-09-03_1900Z-6-ga45e93ffde5 python check_kernel_cve_status_version() { - this_version = "6.12.42" + this_version = "6.12.44" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -12000,6 +12000,10 @@ CVE_STATUS[CVE-2024-58237] = "cpe-stable-backport: Backported in 6.12.9" CVE_STATUS[CVE-2024-58238] = "fixed-version: Fixed from version 6.9" +CVE_STATUS[CVE-2024-58239] = "fixed-version: Fixed from version 6.8" + +CVE_STATUS[CVE-2024-58240] = "fixed-version: Fixed from version 6.8" + CVE_STATUS[CVE-2025-21629] = "cpe-stable-backport: Backported in 6.12.9" CVE_STATUS[CVE-2025-21631] = "cpe-stable-backport: Backported in 6.12.10" @@ -12492,7 +12496,7 @@ CVE_STATUS[CVE-2025-21882] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-21883] = "cpe-stable-backport: Backported in 6.12.18" -# CVE-2025-21884 may need backporting (fixed from 6.12.43) +CVE_STATUS[CVE-2025-21884] = "cpe-stable-backport: Backported in 6.12.43" CVE_STATUS[CVE-2025-21885] = "cpe-stable-backport: Backported in 6.12.18" @@ -13060,7 +13064,7 @@ CVE_STATUS[CVE-2025-37742] = "cpe-stable-backport: Backported in 6.12.24" # CVE-2025-37743 needs backporting (fixed from 6.15) -CVE_STATUS[CVE-2025-37744] = "cpe-stable-backport: Backported in 6.12.24" +CVE_STATUS[CVE-2025-37744] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37745] = "cpe-stable-backport: Backported in 6.12.24" @@ -14774,12 +14778,136 @@ CVE_STATUS[CVE-2025-38612] = "cpe-stable-backport: Backported in 6.12.42" CVE_STATUS[CVE-2025-38613] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-38614 may need backporting (fixed from 6.12.43) +CVE_STATUS[CVE-2025-38614] = "cpe-stable-backport: Backported in 6.12.43" CVE_STATUS[CVE-2025-38615] = "cpe-stable-backport: Backported in 6.12.42" +CVE_STATUS[CVE-2025-38616] = "cpe-stable-backport: Backported in 6.12.43" + +CVE_STATUS[CVE-2025-38617] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38618] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38619] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38620] = "fixed-version: only affects 6.16 onwards" + +# CVE-2025-38621 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-38622] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38623] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38624] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38625] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38626] = "cpe-stable-backport: Backported in 6.12.42" + +# CVE-2025-38627 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-38628] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38629] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-38630] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38631] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38632] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38633] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38634] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38635] = "cpe-stable-backport: Backported in 6.12.42" + +# CVE-2025-38636 needs backporting (fixed from 6.17rc1) + CVE_STATUS[CVE-2025-38637] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-38638] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38639] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38640] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38641] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38642] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-38643 needs backporting (fixed from 6.17rc1) + +CVE_STATUS[CVE-2025-38644] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38645] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38646] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38647] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38648] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38649] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-38650] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38651] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38652] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38653] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38654] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-38655] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-38656 has no known resolution + +CVE_STATUS[CVE-2025-38657] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2025-38658] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-38659] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38660] = "cpe-stable-backport: Backported in 6.12.42" + +CVE_STATUS[CVE-2025-38661] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38662] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38663] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38664] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38665] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38666] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38667] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38668] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38669] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38670] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38671] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38672] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38673] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38674] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2025-38675] = "cpe-stable-backport: Backported in 6.12.41" + +CVE_STATUS[CVE-2025-38676] = "cpe-stable-backport: Backported in 6.12.44" + +CVE_STATUS[CVE-2025-38677] = "cpe-stable-backport: Backported in 6.12.44" + +# CVE-2025-38678 needs backporting (fixed from 6.17rc2) + CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23"