diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index b408071a67..127350ca58 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,12 +1,12 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-07-18 14:17:49.367230+00:00 for kernel version 6.12.39
-# From linux_kernel_cves cve_2025-07-18_1400Z
+# Generated at 2025-07-25 02:49:32.259439+00:00 for kernel version 6.12.40
+# From linux_kernel_cves cve_2025-07-25_0100Z-1-g854b2f05e2c
 
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.39"
+    this_version = "6.12.40"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -12939,7 +12939,7 @@ CVE_STATUS[CVE-2025-22112] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-22114] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-22115 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22115] = "cpe-stable-backport: Backported in 6.12.40"
 
 # CVE-2025-22116 needs backporting (fixed from 6.15)
 
@@ -14237,6 +14237,12 @@ CVE_STATUS[CVE-2025-38348] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-38349] = "cpe-stable-backport: Backported in 6.12.39"
 
+CVE_STATUS[CVE-2025-38350] = "cpe-stable-backport: Backported in 6.12.37"
+
+# CVE-2025-38351 needs backporting (fixed from 6.16rc6)
+
+CVE_STATUS[CVE-2025-38352] = "cpe-stable-backport: Backported in 6.12.34"
+
 CVE_STATUS[CVE-2025-38479] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-38575] = "cpe-stable-backport: Backported in 6.12.23"