From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Fri, 6 Feb 2026 20:27:20 +0000 (-0500)
Subject: linux-yocto/6.12: update CVE exclusions (6.12.67)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f66a754a17fd9051c385f8cfd7b8e132199d5d4e;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

linux-yocto/6.12: update CVE exclusions (6.12.67)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 4 changes (0 new | 4 updated): - 0 new CVEs: - 4 updated CVEs: CVE-2025-71178, CVE-2026-0925, CVE-2026-24435, CVE-2026-24439
        Date: Mon, 26 Jan 2026 19:55:24 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 52ab4eb807..9dcbf53ae1 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-22 16:37:18.329435+00:00 for kernel version 6.12.66
-# From linux_kernel_cves cve_2026-01-22_1600Z-1-g55b49f6e4ba
+# Generated at 2026-01-26 19:56:55.495453+00:00 for kernel version 6.12.67
+# From linux_kernel_cves cve_2026-01-26_1900Z-4-gac26e21104f
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.66"
+    this_version = "6.12.67"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -17198,7 +17198,7 @@ CVE_STATUS[CVE-2025-38246] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2025-38247] = "fixed-version: only affects 6.15 onwards"
 
-# CVE-2025-38248 needs backporting (fixed from 6.16)
+CVE_STATUS[CVE-2025-38248] = "cpe-stable-backport: Backported in 6.12.67"
 
 CVE_STATUS[CVE-2025-38249] = "cpe-stable-backport: Backported in 6.12.36"
 
@@ -17882,7 +17882,7 @@ CVE_STATUS[CVE-2025-38589] = "fixed-version: only affects 6.13 onwards"
 
 CVE_STATUS[CVE-2025-38590] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38591 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-38591] = "cpe-stable-backport: Backported in 6.12.67"
 
 CVE_STATUS[CVE-2025-38592] = "fixed-version: only affects 6.15 onwards"
 
@@ -19482,9 +19482,9 @@ CVE_STATUS[CVE-2025-40332] = "cpe-stable-backport: Backported in 6.12.58"
 
 CVE_STATUS[CVE-2025-40333] = "cpe-stable-backport: Backported in 6.12.58"
 
-# CVE-2025-40334 needs backporting (fixed from 6.18)
+CVE_STATUS[CVE-2025-40334] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-40335 needs backporting (fixed from 6.18)
+CVE_STATUS[CVE-2025-40335] = "fixed-version: only affects 6.16 onwards"
 
 CVE_STATUS[CVE-2025-40336] = "fixed-version: only affects 6.15 onwards"
 
@@ -19600,7 +19600,7 @@ CVE_STATUS[CVE-2025-68194] = "cpe-stable-backport: Backported in 6.12.58"
 
 # CVE-2025-68195 has no known resolution
 
-# CVE-2025-68196 needs backporting (fixed from 6.18)
+CVE_STATUS[CVE-2025-68196] = "fixed-version: only affects 6.17 onwards"
 
 CVE_STATUS[CVE-2025-68197] = "fixed-version: only affects 6.13 onwards"
 
@@ -20300,7 +20300,117 @@ CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.12.64"
 
 CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.12.65"
 
+# CVE-2025-71145 has no known resolution
+
+CVE_STATUS[CVE-2025-71146] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71147] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71148] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71149] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71150] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71151] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-71152 needs backporting (fixed from 6.19rc4)
+
+CVE_STATUS[CVE-2025-71153] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71154] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71155] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71156] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71157] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71158] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-71159] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71160] = "cpe-stable-backport: Backported in 6.12.66"
+
+# CVE-2025-71161 needs backporting (fixed from 6.19rc1)
+
+CVE_STATUS[CVE-2025-71162] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2025-71163] = "cpe-stable-backport: Backported in 6.12.67"
+
 CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.12.66"
 
 CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.12.66"
 
+CVE_STATUS[CVE-2026-22978] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22979] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22980] = "cpe-stable-backport: Backported in 6.12.66"
+
+# CVE-2026-22981 needs backporting (fixed from 6.19rc5)
+
+CVE_STATUS[CVE-2026-22982] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22983] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-22984] = "cpe-stable-backport: Backported in 6.12.66"
+
+# CVE-2026-22985 needs backporting (fixed from 6.19rc5)
+
+# CVE-2026-22986 needs backporting (fixed from 6.19rc5)
+
+CVE_STATUS[CVE-2026-22987] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-22988] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22989] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22990] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22991] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22992] = "cpe-stable-backport: Backported in 6.12.66"
+
+# CVE-2026-22993 needs backporting (fixed from 6.19rc5)
+
+CVE_STATUS[CVE-2026-22994] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22995] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2026-22996] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-22997] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-22998] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-22999] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23000] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23001] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23002] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23003] = "cpe-stable-backport: Backported in 6.12.67"
+
+# CVE-2026-23004 needs backporting (fixed from 6.19rc6)
+
+CVE_STATUS[CVE-2026-23005] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23006] = "cpe-stable-backport: Backported in 6.12.67"
+
+# CVE-2026-23007 needs backporting (fixed from 6.19rc6)
+
+CVE_STATUS[CVE-2026-23008] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-23009] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2026-23010] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23011] = "cpe-stable-backport: Backported in 6.12.67"
+
+CVE_STATUS[CVE-2026-23012] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2026-23013] = "cpe-stable-backport: Backported in 6.12.67"
+