linux-yocto: update kernel CVE status

Handles the following CVEs: 6.1: - CVE-2022-4098 - CVE-2023-0160 - CVE-2023-20569 - CVE-2023-20588 - CVE-2023-33250 - CVE-2023-34319 - CVE-2023-40283 - CVE-2023-4128 - CVE-2023-4155 - CVE-2023-4194 - CVE-2023-4273 - CVE-2023-4385 - CVE-2023-4387 - CVE-2023-4389 6.4: - CVE-2022-40982 - CVE-2023-0160 - CVE-2023-20569 - CVE-2023-20588 - CVE-2023-33250 - CVE-2023-34319 - CVE-2023-40283 - CVE-2023-4128 - CVE-2023-4155 - CVE-2023-4194 - CVE-2023-4273 - CVE-2023-4385 - CVE-2023-4387 - CVE-2023-4389 - CVE-2023-4394 - CVE-2023-4459 (From OE-Core rev: 2020aee444868742590f44d149d11565fc9f58c4) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-01 13:58:04 +00:00 · 2023-09-04 13:36:31 +01:00 · 2023-09-04 13:36:31 +01:00 · e42e2cfc12
commit e42e2cfc12
parent 7837dcdb44
2 changed files with 54 additions and 26 deletions
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@ -1,6 +1,6 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 12:42:35.329668 for version 6.1.46"
+# Generated at 2023-09-04 13:17:06.462373 for version 6.1.46

 python check_kernel_cve_status_version() {
    this_version = "6.1.46"
@ -3354,6 +3354,8 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed after version 5.9"

 CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4"

+# CVE-2020-27418 has no known resolution
+
 CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1"

 CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1"
@ -4460,7 +4462,7 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1"

 CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4"

-# CVE-2022-40982 has no known resolution
+CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.1.44"

 CVE_STATUS[CVE-2022-41218] = "cpe-stable-backport: Backported in 6.1.4"

@ -4588,7 +4590,7 @@ CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed after version 5.16rc1"

 CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4"

-# CVE-2023-0160 has no known resolution
+CVE_STATUS[CVE-2023-0160] = "cpe-stable-backport: Backported in 6.1.28"

 CVE_STATUS[CVE-2023-0179] = "cpe-stable-backport: Backported in 6.1.7"

@ -4702,9 +4704,9 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4"

 CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1"

-# CVE-2023-20569 has no known resolution
+CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.1.44"

-# CVE-2023-20588 has no known resolution
+CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.1.45"

 CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.1.41"

@ -4900,7 +4902,7 @@ CVE_STATUS[CVE-2023-3317] = "fixed-version: only affects 6.2rc1 onwards"

 CVE_STATUS[CVE-2023-33203] = "cpe-stable-backport: Backported in 6.1.22"

-# CVE-2023-33250 has no known resolution
+CVE_STATUS[CVE-2023-33250] = "fixed-version: only affects 6.2rc1 onwards"

 CVE_STATUS[CVE-2023-33288] = "cpe-stable-backport: Backported in 6.1.22"

@ -4928,7 +4930,7 @@ CVE_STATUS[CVE-2023-34255] = "cpe-stable-backport: Backported in 6.1.33"

 CVE_STATUS[CVE-2023-34256] = "cpe-stable-backport: Backported in 6.1.29"

-# CVE-2023-34319 has no known resolution
+CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.1.44"

 CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5"

@ -4964,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.1.40"

 # CVE-2023-37454 has no known resolution

-# CVE-2023-3772 has no known resolution
+# CVE-2023-3772 needs backporting (fixed from 6.1.47)

-# CVE-2023-3773 has no known resolution
+# CVE-2023-3773 needs backporting (fixed from 6.1.47)

 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.1.40"

@ -4994,7 +4996,9 @@ CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42"

 # CVE-2023-4010 has no known resolution

-# CVE-2023-4128 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.1.45"

 CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39"

@ -5004,9 +5008,19 @@ CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.1.39"

 CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.1.43"

-# CVE-2023-4155 has no known resolution
+CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.1.46"

-# CVE-2023-4194 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-4194] = "fixed-version: only affects 6.3rc1 onwards"

-# CVE-2023-4273 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.1.45"
+
+CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed after version 5.19rc1"
+
+CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed after version 5.18"
+
+CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed after version 5.18rc3"
+
+CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed after version 6.0rc3"
+
+CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed after version 5.18"

--- a/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.4.inc
@ -1,6 +1,6 @@

 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2023-08-25 12:42:28.369507 for version 6.4.11"
+# Generated at 2023-09-04 13:17:16.330789 for version 6.4.11

 python check_kernel_cve_status_version() {
    this_version = "6.4.11"
@ -3354,6 +3354,8 @@ CVE_STATUS[CVE-2020-27194] = "fixed-version: Fixed after version 5.9"

 CVE_STATUS[CVE-2020-2732] = "fixed-version: Fixed after version 5.6rc4"

+# CVE-2020-27418 has no known resolution
+
 CVE_STATUS[CVE-2020-27673] = "fixed-version: Fixed after version 5.10rc1"

 CVE_STATUS[CVE-2020-27675] = "fixed-version: Fixed after version 5.10rc1"
@ -4460,7 +4462,7 @@ CVE_STATUS[CVE-2022-40768] = "fixed-version: Fixed after version 6.1rc1"

 CVE_STATUS[CVE-2022-4095] = "fixed-version: Fixed after version 6.0rc4"

-# CVE-2022-40982 has no known resolution
+CVE_STATUS[CVE-2022-40982] = "cpe-stable-backport: Backported in 6.4.9"

 CVE_STATUS[CVE-2022-41218] = "fixed-version: Fixed after version 6.2rc1"

@ -4588,7 +4590,7 @@ CVE_STATUS[CVE-2023-0047] = "fixed-version: Fixed after version 5.16rc1"

 CVE_STATUS[CVE-2023-0122] = "fixed-version: Fixed after version 6.0rc4"

-# CVE-2023-0160 has no known resolution
+CVE_STATUS[CVE-2023-0160] = "fixed-version: Fixed after version 6.4rc1"

 CVE_STATUS[CVE-2023-0179] = "fixed-version: Fixed after version 6.2rc5"

@ -4702,9 +4704,9 @@ CVE_STATUS[CVE-2023-2008] = "fixed-version: Fixed after version 5.19rc4"

 CVE_STATUS[CVE-2023-2019] = "fixed-version: Fixed after version 6.0rc1"

-# CVE-2023-20569 has no known resolution
+CVE_STATUS[CVE-2023-20569] = "cpe-stable-backport: Backported in 6.4.9"

-# CVE-2023-20588 has no known resolution
+CVE_STATUS[CVE-2023-20588] = "cpe-stable-backport: Backported in 6.4.10"

 CVE_STATUS[CVE-2023-20593] = "cpe-stable-backport: Backported in 6.4.6"

@ -4900,7 +4902,7 @@ CVE_STATUS[CVE-2023-3317] = "fixed-version: Fixed after version 6.3rc6"

 CVE_STATUS[CVE-2023-33203] = "fixed-version: Fixed after version 6.3rc4"

-# CVE-2023-33250 has no known resolution
+CVE_STATUS[CVE-2023-33250] = "cpe-stable-backport: Backported in 6.4.4"

 CVE_STATUS[CVE-2023-33288] = "fixed-version: Fixed after version 6.3rc4"

@ -4928,7 +4930,7 @@ CVE_STATUS[CVE-2023-34255] = "fixed-version: Fixed after version 6.4rc1"

 CVE_STATUS[CVE-2023-34256] = "fixed-version: Fixed after version 6.4rc2"

-# CVE-2023-34319 has no known resolution
+CVE_STATUS[CVE-2023-34319] = "cpe-stable-backport: Backported in 6.4.9"

 CVE_STATUS[CVE-2023-3439] = "fixed-version: Fixed after version 5.18rc5"

@ -4964,9 +4966,9 @@ CVE_STATUS[CVE-2023-3611] = "cpe-stable-backport: Backported in 6.4.5"

 # CVE-2023-37454 has no known resolution

-# CVE-2023-3772 has no known resolution
+# CVE-2023-3772 needs backporting (fixed from 6.4.12)

-# CVE-2023-3773 has no known resolution
+# CVE-2023-3773 needs backporting (fixed from 6.4.12)

 CVE_STATUS[CVE-2023-3776] = "cpe-stable-backport: Backported in 6.4.5"

@ -4994,7 +4996,9 @@ CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.4.7"

 # CVE-2023-4010 has no known resolution

-# CVE-2023-4128 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-40283] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4128] = "cpe-stable-backport: Backported in 6.4.10"

 CVE_STATUS[CVE-2023-4132] = "cpe-stable-backport: Backported in 6.4.4"

@ -5004,9 +5008,19 @@ CVE_STATUS[CVE-2023-4134] = "cpe-stable-backport: Backported in 6.4.4"

 CVE_STATUS[CVE-2023-4147] = "cpe-stable-backport: Backported in 6.4.8"

-# CVE-2023-4155 has no known resolution
+CVE_STATUS[CVE-2023-4155] = "cpe-stable-backport: Backported in 6.4.11"

-# CVE-2023-4194 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-4194] = "cpe-stable-backport: Backported in 6.4.10"

-# CVE-2023-4273 needs backporting (fixed from 6.5rc5)
+CVE_STATUS[CVE-2023-4273] = "cpe-stable-backport: Backported in 6.4.10"
+
+CVE_STATUS[CVE-2023-4385] = "fixed-version: Fixed after version 5.19rc1"
+
+CVE_STATUS[CVE-2023-4387] = "fixed-version: Fixed after version 5.18"
+
+CVE_STATUS[CVE-2023-4389] = "fixed-version: Fixed after version 5.18rc3"
+
+CVE_STATUS[CVE-2023-4394] = "fixed-version: Fixed after version 6.0rc3"
+
+CVE_STATUS[CVE-2023-4459] = "fixed-version: Fixed after version 5.18"