From: Bruce Ashfield <bruce.ashfield@gmail.com>
Date: Thu, 23 Apr 2026 15:32:13 +0000 (-0400)
Subject: linux-yocto/6.18: update CVE exclusions (6.18.22)
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=69ee2ca6f7eca8cee6ed810aa73b98ddbb09b35f;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

linux-yocto/6.18: update CVE exclusions (6.18.22)

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 4 changes (4 new | 0 updated): - 4 new CVEs: CVE-2026-33714, CVE-2026-33715, CVE-2026-34160, CVE-2026-34161 - 0 updated CVEs:
        Date: Tue, 14 Apr 2026 21:14:51 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 03f89ed9eb..2429851ff8 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-04-08 14:33:17.297345+00:00 for kernel version 6.18.21
-# From linux_kernel_cves cve_2026-04-08_1300Z-1-g105fda2ec51
+# Generated at 2026-04-14 21:26:55.774766+00:00 for kernel version 6.18.22
+# From linux_kernel_cves cve_2026-04-14_2000Z-2-gad6d9150d01
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.21"
+    this_version = "6.18.22"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -21052,7 +21052,7 @@ CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.18.17"
 
-CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19 onwards"
+CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19.4 onwards"
 
 CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21128,9 +21128,9 @@ CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23326] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23327 needs backporting (fixed from 7.0rc2)
+# CVE-2026-23327 needs backporting (fixed from 7.0)
 
-# CVE-2026-23328 needs backporting (fixed from 7.0rc3)
+# CVE-2026-23328 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23329] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21140,8 +21140,6 @@ CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23333 needs backporting (fixed from 7.0rc1)
-
 CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.18.17"
@@ -21156,7 +21154,7 @@ CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.18.17"
 
-CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19 onwards"
+CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19.4 onwards"
 
 CVE_STATUS[CVE-2026-23342] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21216,19 +21214,19 @@ CVE_STATUS[CVE-2026-23369] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23371 needs backporting (fixed from 7.0rc3)
+# CVE-2026-23371 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23373] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23374 needs backporting (fixed from 7.0rc3)
+# CVE-2026-23374 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23375] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23376] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23377 needs backporting (fixed from 7.0rc3)
+# CVE-2026-23377 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21252,7 +21250,7 @@ CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23389 needs backporting (fixed from 7.0rc3)
+CVE_STATUS[CVE-2026-23389] = "cpe-stable-backport: Backported in 6.18.22"
 
 CVE_STATUS[CVE-2026-23390] = "cpe-stable-backport: Backported in 6.18.13"
 
@@ -21262,7 +21260,7 @@ CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23393] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-23394 needs backporting (fixed from 7.0rc5)
+# CVE-2026-23394 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.18.20"
 
@@ -21358,7 +21356,7 @@ CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-23442 needs backporting (fixed from 7.0rc5)
+# CVE-2026-23442 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.18.20"
 
@@ -21392,7 +21390,7 @@ CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-23459 needs backporting (fixed from 7.0rc5)
+# CVE-2026-23459 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.18.20"
 
@@ -21416,8 +21414,6 @@ CVE_STATUS[CVE-2026-23469] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23470] = "cpe-stable-backport: Backported in 6.18.20"
 
-CVE_STATUS[CVE-2026-23471] = "cpe-stable-backport: Backported in 6.18.20"
-
 CVE_STATUS[CVE-2026-23472] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23473] = "cpe-stable-backport: Backported in 6.18.20"
@@ -21462,7 +21458,7 @@ CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.18.19"
 
 CVE_STATUS[CVE-2026-31406] = "cpe-stable-backport: Backported in 6.18.21"
 
-# CVE-2026-31407 needs backporting (fixed from 7.0rc5)
+# CVE-2026-31407 needs backporting (fixed from 7.0)
 
 CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.18.21"
 
@@ -21472,5 +21468,39 @@ CVE_STATUS[CVE-2026-31410] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.18.14"
 
+CVE_STATUS[CVE-2026-31412] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-31413] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31414] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31415] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31416] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31417] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31418] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31419] = "cpe-stable-backport: Backported in 6.18.22"
+
+# CVE-2026-31420 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-31421] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31422] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31423] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31424] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31425] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31426] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31427] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31428] = "cpe-stable-backport: Backported in 6.18.21"
+
 CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.18.20"