From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Wed, 14 Jan 2026 17:24:02 +0000 (-0500)
Subject: linux-yocto/6.18: update CVE exclusions (6.18.5)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bfd3b56b2e8dcaa36456f7d17fb3b0680ab7e7fc;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

linux-yocto/6.18: update CVE exclusions (6.18.5)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 6 changes (2 new | 4 updated): - 2 new CVEs: CVE-2025-46068, CVE-2025-46070 - 4 updated CVEs: CVE-2025-46066, CVE-2025-46067, CVE-2025-71063, CVE-2026-0851
        Date: Mon, 12 Jan 2026 16:41:36 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 7fc5c65044..708c5a8506 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-05 17:52:47.379252+00:00 for kernel version 6.18.3
-# From linux_kernel_cves cve_2026-01-05_1700Z-3-gfc562e1b2e5
+# Generated at 2026-01-12 16:52:57.037978+00:00 for kernel version 6.18.5
+# From linux_kernel_cves cve_2026-01-12_1600Z-2-g6b70380b71e
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.3"
+    this_version = "6.18.5"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -19536,8 +19536,6 @@ CVE_STATUS[CVE-2025-40359] = "fixed-version: Fixed from version 6.18"
 
 CVE_STATUS[CVE-2025-40360] = "fixed-version: Fixed from version 6.18"
 
-CVE_STATUS[CVE-2025-40361] = "fixed-version: Fixed from version 6.18"
-
 CVE_STATUS[CVE-2025-40362] = "fixed-version: Fixed from version 6.18"
 
 CVE_STATUS[CVE-2025-40363] = "fixed-version: Fixed from version 6.18"
@@ -19892,7 +19890,7 @@ CVE_STATUS[CVE-2025-68355] = "cpe-stable-backport: Backported in 6.18.2"
 
 CVE_STATUS[CVE-2025-68356] = "cpe-stable-backport: Backported in 6.18.2"
 
-CVE_STATUS[CVE-2025-68357] = "cpe-stable-backport: Backported in 6.18.2"
+CVE_STATUS[CVE-2025-68357] = "fixed-version: Fixed from version 6.12.64"
 
 CVE_STATUS[CVE-2025-68358] = "cpe-stable-backport: Backported in 6.18.2"