linux-yocto/6.1: update CVE exclusions

author Bruce Ashfield <bruce.ashfield@gmail.com>

Wed, 3 Jan 2024 21:24:21 +0000 (16:24 -0500)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Thu, 4 Jan 2024 23:47:04 +0000 (23:47 +0000)
author Bruce Ashfield <bruce.ashfield@gmail.com>
Wed, 3 Jan 2024 21:24:21 +0000 (16:24 -0500)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 4 Jan 2024 23:47:04 +0000 (23:47 +0000)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc

index 3cf11d6daf6180feb46a710f88a9886276f6fb89..8d345831d351ee630db37a6c6b2f57e081e86c3d 100644 (file)
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -1,9 +1,9 @@
  
  # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68
+# Generated at 2024-01-03 21:24:21.156991+00:00 for version 6.1.70
  
  python check_kernel_cve_status_version() {
-    this_version = "6.1.68"
+    this_version = "6.1.70"
      kernel_version = d.getVar("LINUX_VERSION")
      if kernel_version != this_version:
          bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5108,12 +5108,22 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54"
  
  CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54"
  
+# CVE-2023-50431 has no known resolution
+
  CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62"
  
  CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57"
  
+# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
+
  CVE_STATUS[CVE-2023-5178] = "cpe-stable-backport: Backported in 6.1.60"
  
+CVE_STATUS[CVE-2023-51780] = "cpe-stable-backport: Backported in 6.1.69"
+
+CVE_STATUS[CVE-2023-51781] = "cpe-stable-backport: Backported in 6.1.69"
+
+CVE_STATUS[CVE-2023-51782] = "cpe-stable-backport: Backported in 6.1.69"
+
  CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56"
  
  CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56"
@@ -5122,7 +5132,7 @@ CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards"
  
  CVE_STATUS[CVE-2023-5717] = "cpe-stable-backport: Backported in 6.1.60"
  
-# CVE-2023-5972 needs backporting (fixed from 6.6rc7)
+CVE_STATUS[CVE-2023-5972] = "fixed-version: only affects 6.2rc1 onwards"
  
  # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
  
@@ -5134,3 +5144,29 @@ CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54"
  
  # CVE-2023-6238 has no known resolution
  
+# CVE-2023-6356 has no known resolution
+
+# CVE-2023-6535 has no known resolution
+
+# CVE-2023-6536 has no known resolution
+
+CVE_STATUS[CVE-2023-6546] = "cpe-stable-backport: Backported in 6.1.47"
+
+# CVE-2023-6560 needs backporting (fixed from 6.7rc4)
+
+# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
+
+# CVE-2023-6610 needs backporting (fixed from 6.7rc7)
+
+CVE_STATUS[CVE-2023-6622] = "cpe-stable-backport: Backported in 6.1.68"
+
+# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
+
+CVE_STATUS[CVE-2023-6817] = "cpe-stable-backport: Backported in 6.1.68"
+
+CVE_STATUS[CVE-2023-6931] = "cpe-stable-backport: Backported in 6.1.68"
+
+CVE_STATUS[CVE-2023-6932] = "cpe-stable-backport: Backported in 6.1.66"
+
+# CVE-2023-7042 has no known resolution
+
author	Bruce Ashfield <bruce.ashfield@gmail.com>
	Wed, 3 Jan 2024 21:24:21 +0000 (16:24 -0500)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 4 Jan 2024 23:47:04 +0000 (23:47 +0000)