From: Ross Burton <ross.burton@arm.com>
Date: Tue, 9 Sep 2025 14:31:17 +0000 (+0100)
Subject: grub2: mark CVE-2024-2312 as not applicable
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d2fe3f403e6435e1ffe122a6776381090752d8a;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

grub2: mark CVE-2024-2312 as not applicable

This issue is specific to the peimage module that Ubuntu add, and is not
an upstream issue.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index ffa04e415d..e87d269170 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -43,6 +43,7 @@ SRC_URI[sha256sum] = "b30919fa5be280417c17ac561bb1650f60cfb80cc6237fa1e2b6f56154
 CVE_STATUS[CVE-2019-14865] = "not-applicable-platform: applies only to RHEL"
 CVE_STATUS[CVE-2023-4001]  = "not-applicable-platform: Applies only to RHEL/Fedora"
 CVE_STATUS[CVE-2024-1048]  = "not-applicable-platform: Applies only to RHEL/Fedora"
+CVE_STATUS[CVE-2024-2312]  = "not-applicable-platform: Applies only to Ubuntu"
 
 DEPENDS = "flex-native bison-native gettext-native"