From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Thu, 23 Apr 2026 15:32:09 +0000 (-0400)
Subject: linux-yocto/6.18: update CVE exclusions (6.18.20)
X-Git-Tag: yocto-6.0~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ebe046e967088e7675e6a458dbca89ebf9efa6a9;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

linux-yocto/6.18: update CVE exclusions (6.18.20)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 13 changes (7 new | 6 updated): - 7 new CVEs: CVE-2026-31943, CVE-2026-31945, CVE-2026-31950, CVE-2026-31951, CVE-2026-32241, CVE-2026-34389, CVE-2026-34391 - 6 updated CVEs: CVE-2026-26060, CVE-2026-33284, CVE-2026-34374, CVE-2026-34387, CVE-2026-4966, CVE-2026-4972
        Date: Fri, 27 Mar 2026 19:35:44 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 73b93ff135..8f458e9d10 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-03-23 02:14:01.393507+00:00 for kernel version 6.18.19
-# From linux_kernel_cves cve_2026-03-23_0100Z
+# Generated at 2026-03-27 19:44:12.925073+00:00 for kernel version 6.18.20
+# From linux_kernel_cves cve_2026-03-27_1900Z-1-g663ca5d2278
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.19"
+    this_version = "6.18.20"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -2770,8 +2770,6 @@ CVE_STATUS[CVE-2022-49265] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49266] = "fixed-version: Fixed from version 5.18"
 
-CVE_STATUS[CVE-2022-49267] = "fixed-version: Fixed from version 5.18"
-
 CVE_STATUS[CVE-2022-49268] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49269] = "fixed-version: Fixed from version 5.18"
@@ -9916,8 +9914,6 @@ CVE_STATUS[CVE-2024-27040] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-27041] = "fixed-version: Fixed from version 6.9"
 
-CVE_STATUS[CVE-2024-27042] = "fixed-version: Fixed from version 6.9"
-
 CVE_STATUS[CVE-2024-27043] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-27044] = "fixed-version: Fixed from version 6.9"
@@ -21040,3 +21036,245 @@ CVE_STATUS[CVE-2026-23277] = "cpe-stable-backport: Backported in 6.18.19"
 
 CVE_STATUS[CVE-2026-23278] = "cpe-stable-backport: Backported in 6.18.19"
 
+CVE_STATUS[CVE-2026-23279] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23280] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23281] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23282] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23283] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23284] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23285] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23290] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23291] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23292] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23293] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23294] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23295] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23296] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23297] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23298] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23299] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23300] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23301] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23302] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23303] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23304] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23305] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23306] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23307] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23308] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23309] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23310] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23311] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23312] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23313] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23314] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23315] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23316] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23317] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23320] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23322] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23323] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23324] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23326] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23327 needs backporting (fixed from 7.0rc2)
+
+# CVE-2026-23328 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23329] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23330] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23333 has no known resolution
+
+CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23336] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23337] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23338] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23342] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23343] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23344] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23345] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23346] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23347] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23348] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23349] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23350] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23351] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23352] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23353] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23354] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23355] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23356] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23357] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23358] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23359] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23360] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23361] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23362] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23363] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23364] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-23365] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23366] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23367] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23368] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23369] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23371 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23373] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23374 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23375] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23376] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23377 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23379] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23380] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23381] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23382] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23383] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23384] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23385] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23386] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23389 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23390] = "cpe-stable-backport: Backported in 6.18.13"
+
+CVE_STATUS[CVE-2026-23391] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23393] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23394 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23396] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-31788 has no known resolution
+