From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Fri, 6 Feb 2026 20:27:24 +0000 (-0500)
Subject: linux-yocto/6.18: update CVE exclusions (6.18.7)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89986802b3571dafa3eb9212245bdd82c5be8ee9;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

linux-yocto/6.18: update CVE exclusions (6.18.7)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 10 changes (10 new | 0 updated): - 10 new CVEs: CVE-2025-11065, CVE-2025-11687, CVE-2025-14459, CVE-2025-14525, CVE-2025-14969, CVE-2025-9520, CVE-2025-9521, CVE-2025-9522, CVE-2026-0810, CVE-2026-1190 - 0 updated CVEs:
        Date: Mon, 26 Jan 2026 19:39:25 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 38f260d231..a29732706e 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-22 14:32:14.186712+00:00 for kernel version 6.18.6
-# From linux_kernel_cves cve_2026-01-22_1400Z
+# Generated at 2026-01-26 19:48:18.296749+00:00 for kernel version 6.18.7
+# From linux_kernel_cves cve_2026-01-26_1900Z-2-g425a25ddf37
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.6"
+    this_version = "6.18.7"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -20158,7 +20158,7 @@ CVE_STATUS[CVE-2025-71072] = "cpe-stable-backport: Backported in 6.18.3"
 
 CVE_STATUS[CVE-2025-71073] = "cpe-stable-backport: Backported in 6.18.3"
 
-CVE_STATUS[CVE-2025-71074] = "cpe-stable-backport: Backported in 6.18.3"
+# CVE-2025-71074 needs backporting (fixed from 6.19rc1)
 
 CVE_STATUS[CVE-2025-71075] = "cpe-stable-backport: Backported in 6.18.3"
 
@@ -20300,7 +20300,117 @@ CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.18.4"
 
 CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.18.5"
 
+# CVE-2025-71145 has no known resolution
+
+CVE_STATUS[CVE-2025-71146] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71147] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71148] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71149] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71150] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71151] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71152] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71153] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71154] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71155] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71156] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71157] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71158] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2025-71159] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2025-71160] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2025-71161] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2025-71162] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2025-71163] = "cpe-stable-backport: Backported in 6.18.7"
+
 CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.18.6"
 
 CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.18.6"
 
+CVE_STATUS[CVE-2026-22978] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22979] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22980] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22981] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22982] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22983] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22984] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22985] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22986] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22987] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22988] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22989] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22990] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22991] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22992] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22993] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22994] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22995] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22996] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-22997] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-22998] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-22999] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23000] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23001] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23002] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23003] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23004] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23005] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23006] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23007] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23008] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23009] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23010] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23011] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23012] = "cpe-stable-backport: Backported in 6.18.7"
+
+CVE_STATUS[CVE-2026-23013] = "cpe-stable-backport: Backported in 6.18.7"
+