5.15: update CVE exclusions"

Steve Sakoman Thu, 07 Mar 2024 15:37:43 -0800

This series is causing issues with adding and resizing partitions.

This reverts commit c7c86d97f6a0e1d09eaca999ecec13656655f299.
---
 .../linux/cve-exclusion_5.15.inc              | 44 +++----------------
 1 file changed, 7 insertions(+), 37 deletions(-)


diff --git a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc 
b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
index 0d54b414d9..84d0becb8d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_5.15.inc
@@ -1,9 +1,9 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2024-01-18 18:47:24.084935 for version 5.15.147
+# Generated at 2024-01-11 21:16:55.956074 for version 5.15.146
 
 python check_kernel_cve_status_version() {
-    this_version = "5.15.147"
+    this_version = "5.15.146"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel 
is %s" % (this_version, kernel_version))
@@ -6626,9 +6626,6 @@ CVE_CHECK_IGNORE += "CVE-2022-48425"
 # cpe-stable-backport: Backported in 5.15.121
 CVE_CHECK_IGNORE += "CVE-2022-48502"
 
-# cpe-stable-backport: Backported in 5.15.42
-CVE_CHECK_IGNORE += "CVE-2022-48619"
-
 # fixed-version: Fixed after version 5.0rc1
 CVE_CHECK_IGNORE += "CVE-2023-0030"
 
@@ -6750,8 +6747,6 @@ CVE_CHECK_IGNORE += "CVE-2023-1382"
 # fixed-version: Fixed after version 5.11rc4
 CVE_CHECK_IGNORE += "CVE-2023-1390"
 
-# CVE-2023-1476 has no known resolution
-
 # cpe-stable-backport: Backported in 5.15.95
 CVE_CHECK_IGNORE += "CVE-2023-1513"
 
@@ -6926,8 +6921,7 @@ CVE_CHECK_IGNORE += "CVE-2023-23559"
 # fixed-version: Fixed after version 5.12rc1
 CVE_CHECK_IGNORE += "CVE-2023-23586"
 
-# fixed-version: only affects 5.18rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-2430"
+# CVE-2023-2430 needs backporting (fixed from 6.2rc5)
 
 # cpe-stable-backport: Backported in 5.15.105
 CVE_CHECK_IGNORE += "CVE-2023-2483"
@@ -7357,8 +7351,7 @@ CVE_CHECK_IGNORE += "CVE-2023-45871"
 # fixed-version: only affects 6.5rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-45898"
 
-# fixed-version: only affects 6.4rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-4610"
+# CVE-2023-4610 needs backporting (fixed from 6.4)
 
 # fixed-version: only affects 6.4rc1 onwards
 CVE_CHECK_IGNORE += "CVE-2023-4611"
@@ -7393,8 +7386,7 @@ CVE_CHECK_IGNORE += "CVE-2023-5090"
 # cpe-stable-backport: Backported in 5.15.135
 CVE_CHECK_IGNORE += "CVE-2023-5158"
 
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-51779"
+# CVE-2023-51779 needs backporting (fixed from 6.7rc7)
 
 # cpe-stable-backport: Backported in 5.15.137
 CVE_CHECK_IGNORE += "CVE-2023-5178"
@@ -7425,8 +7417,6 @@ CVE_CHECK_IGNORE += "CVE-2023-5972"
 
 # CVE-2023-6039 needs backporting (fixed from 6.5rc5)
 
-# CVE-2023-6040 needs backporting (fixed from 5.18rc1)
-
 # fixed-version: only affects 6.6rc3 onwards
 CVE_CHECK_IGNORE += "CVE-2023-6111"
 
@@ -7438,13 +7428,8 @@ CVE_CHECK_IGNORE += "CVE-2023-6176"
 
 # CVE-2023-6238 has no known resolution
 
-# CVE-2023-6270 has no known resolution
-
 # CVE-2023-6356 has no known resolution
 
-# fixed-version: only affects 6.1rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6531"
-
 # CVE-2023-6535 has no known resolution
 
 # CVE-2023-6536 has no known resolution
@@ -7454,16 +7439,14 @@ CVE_CHECK_IGNORE += "CVE-2023-6546"
 
 # CVE-2023-6560 needs backporting (fixed from 6.7rc4)
 
-# cpe-stable-backport: Backported in 5.15.146
-CVE_CHECK_IGNORE += "CVE-2023-6606"
+# CVE-2023-6606 needs backporting (fixed from 6.7rc7)
 
 # CVE-2023-6610 needs backporting (fixed from 6.7rc7)
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6622"
 
-# fixed-version: only affects 6.7rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2023-6679"
+# CVE-2023-6679 needs backporting (fixed from 6.7rc6)
 
 # cpe-stable-backport: Backported in 5.15.143
 CVE_CHECK_IGNORE += "CVE-2023-6817"
@@ -7476,16 +7459,3 @@ CVE_CHECK_IGNORE += "CVE-2023-6932"
 
 # CVE-2023-7042 has no known resolution
 
-# cpe-stable-backport: Backported in 5.15.100
-CVE_CHECK_IGNORE += "CVE-2023-7192"
-
-# fixed-version: only affects 6.5rc6 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0193"
-
-# CVE-2024-0340 needs backporting (fixed from 6.4rc6)
-
-# fixed-version: only affects 6.2rc1 onwards
-CVE_CHECK_IGNORE += "CVE-2024-0443"
-
-# Skipping dd=CVE-2023-1476, no affected_versions
-
-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#196830): 
https://lists.openembedded.org/g/openembedded-core/message/196830
Mute This Topic: https://lists.openembedded.org/mt/104799641/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][kirkstone 3/9] Revert "linux-yocto/5.15: update CVE exclusions"

Reply via email to