]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 990d1cb)
cve-extra-exclusion: ignore disputed CVE-2023-23005
authorYoann Congal <yoann.congal@smile.fr>
Thu, 6 Apr 2023 14:19:23 +0000 (16:19 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Fri, 7 Apr 2023 14:14:15 +0000 (15:14 +0100)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Frank WOLFF <frank.wolff@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/conf/distro/include/cve-extra-exclusions.inc patch | blob | blame | history

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index 0b895985015b065db1691bfa796eb34fed0ce90a..439d569f7d00951fb47badb2e2e73e69077dd93d 100644 (file)
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -485,6 +485,16 @@ CVE_CHECK_IGNORE += "CVE-2023-1281"
 # Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2023-23005
+# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b
+# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee
+# But, the CVE is disputed:
+# > NOTE: this is disputed by third parties because there are no realistic cases
+# > in which a user can cause the alloc_memory_type error case to be reached.
+# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2
+# We can safely ignore it.
+CVE_CHECK_IGNORE += "CVE-2023-23005"
+
 # https://nvd.nist.gov/vuln/detail/CVE-2023-28466
 # Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218
 # Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
Mirror of git://git.openembedded.org/openembedded-core