From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Thu, 16 Oct 2025 03:08:41 +0000 (-0400)
Subject: linux-yocto/6.12: update CVE exclusions (6.12.52)
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aee153dd5ccbfaeeca9f76df7b8f8b453ee478d2;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

linux-yocto/6.12: update CVE exclusions (6.12.52)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 10 changes (9 new | 1 updated): - 9 new CVEs: CVE-2025-42901, CVE-2025-42902, CVE-2025-42903, CVE-2025-42906, CVE-2025-42908, CVE-2025-42909, CVE-2025-42910, CVE-2025-42937, CVE-2025-42939 - 1 updated CVEs: CVE-2025-42907
        Date: Tue, 14 Oct 2025 00:35:23 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index a5ccb609b6..f84d42cfe1 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-07 17:30:26.724165+00:00 for kernel version 6.12.51
-# From linux_kernel_cves cve_2025-10-07_1700Z
+# Generated at 2025-10-14 01:23:30.027767+00:00 for kernel version 6.12.52
+# From linux_kernel_cves 2025-10-14_baseline-1-gddc0a257837
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.51"
+    this_version = "6.12.52"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4648,11 +4648,11 @@ CVE_STATUS[CVE-2022-50228] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50229] = "fixed-version: Fixed from version 6.0"
 
-# CVE-2022-50230 has no known resolution
+CVE_STATUS[CVE-2022-50230] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50231] = "fixed-version: Fixed from version 6.0"
 
-# CVE-2022-50232 has no known resolution
+CVE_STATUS[CVE-2022-50232] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50233] = "fixed-version: Fixed from version 6.0"
 
@@ -4664,7 +4664,7 @@ CVE_STATUS[CVE-2022-50236] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50239] = "fixed-version: Fixed from version 6.1"
 
-# CVE-2022-50240 has no known resolution
+CVE_STATUS[CVE-2022-50240] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50241] = "fixed-version: Fixed from version 6.1"
 
@@ -4858,8 +4858,6 @@ CVE_STATUS[CVE-2022-50336] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50337] = "fixed-version: Fixed from version 6.2"
 
-# CVE-2022-50338 has no known resolution
-
 CVE_STATUS[CVE-2022-50339] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50340] = "fixed-version: Fixed from version 6.2"
@@ -4938,7 +4936,7 @@ CVE_STATUS[CVE-2022-50378] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50379] = "fixed-version: Fixed from version 6.1"
 
-# CVE-2022-50380 has no known resolution
+CVE_STATUS[CVE-2022-50380] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50381] = "fixed-version: Fixed from version 6.2"
 
@@ -5074,8 +5072,6 @@ CVE_STATUS[CVE-2022-50448] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50449] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50450] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2022-50451] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50452] = "fixed-version: Fixed from version 6.1"
@@ -5084,8 +5080,6 @@ CVE_STATUS[CVE-2022-50453] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50454] = "fixed-version: Fixed from version 6.1"
 
-CVE_STATUS[CVE-2022-50455] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2022-50456] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50457] = "fixed-version: Fixed from version 6.2"
@@ -5148,8 +5142,6 @@ CVE_STATUS[CVE-2022-50485] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50486] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50487] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50488] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50489] = "fixed-version: Fixed from version 6.1"
@@ -5176,8 +5168,6 @@ CVE_STATUS[CVE-2022-50500] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50501] = "fixed-version: Fixed from version 6.2"
 
-# CVE-2022-50502 has no known resolution
-
 CVE_STATUS[CVE-2022-50503] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50504] = "fixed-version: Fixed from version 6.2"
@@ -7114,7 +7104,7 @@ CVE_STATUS[CVE-2023-53467] = "fixed-version: Fixed from version 6.3"
 
 CVE_STATUS[CVE-2023-53468] = "fixed-version: Fixed from version 6.3"
 
-# CVE-2023-53469 has no known resolution
+CVE_STATUS[CVE-2023-53469] = "fixed-version: Fixed from version 6.5"
 
 CVE_STATUS[CVE-2023-53470] = "fixed-version: Fixed from version 6.4"
 
@@ -7458,7 +7448,7 @@ CVE_STATUS[CVE-2023-53640] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-53641] = "fixed-version: Fixed from version 6.4"
 
-# CVE-2023-53642 has no known resolution
+CVE_STATUS[CVE-2023-53642] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-53643] = "fixed-version: Fixed from version 6.3"
 
@@ -14388,7 +14378,7 @@ CVE_STATUS[CVE-2025-21986] = "cpe-stable-backport: Backported in 6.12.20"
 
 CVE_STATUS[CVE-2025-21987] = "cpe-stable-backport: Backported in 6.12.18"
 
-# CVE-2025-21988 has no known resolution
+CVE_STATUS[CVE-2025-21988] = "cpe-stable-backport: Backported in 6.12.20"
 
 CVE_STATUS[CVE-2025-21989] = "cpe-stable-backport: Backported in 6.12.20"
 
@@ -15448,7 +15438,7 @@ CVE_STATUS[CVE-2025-38103] = "cpe-stable-backport: Backported in 6.12.34"
 
 CVE_STATUS[CVE-2025-38104] = "cpe-stable-backport: Backported in 6.12.39"
 
-# CVE-2025-38105 needs backporting (fixed from 6.16)
+CVE_STATUS[CVE-2025-38105] = "cpe-stable-backport: Backported in 6.12.52"
 
 CVE_STATUS[CVE-2025-38106] = "cpe-stable-backport: Backported in 6.12.34"
 
@@ -17260,6 +17250,30 @@ CVE_STATUS[CVE-2025-39952] = "cpe-stable-backport: Backported in 6.12.49"
 
 CVE_STATUS[CVE-2025-39953] = "cpe-stable-backport: Backported in 6.12.49"
 
+CVE_STATUS[CVE-2025-39954] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39955] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39956] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39957] = "cpe-stable-backport: Backported in 6.12.49"
+
+# CVE-2025-39958 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39959] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39960] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39961] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39962] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39963] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39964] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39965] = "cpe-stable-backport: Backported in 6.12.50"
+
 CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-40014 needs backporting (fixed from 6.15)
@@ -17270,5 +17284,5 @@ CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
 
 # CVE-2025-40325 needs backporting (fixed from 6.15)
 
-# CVE-2025-40364 has no known resolution
+CVE_STATUS[CVE-2025-40364] = "cpe-stable-backport: Backported in 6.12.14"