[08/16] linux-yocto/6.17: update CVE exclusions (6.17.10)

Message ID	1f663575fb2b7f3c9760552748a8a0fa25744fd5.1764822465.git.bruce.ashfield@gmail.com
State	New
Headers	show Return-Path: <bruce.ashfield@gmail.com> ip: 209.85.160.173, mailfrom: bruce.ashfield@gmail.com) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 08/16] linux-yocto/6.17: update CVE exclusions (6.17.10) Date: Wed, 3 Dec 2025 23:30:20 -0500 Message-Id: <1f663575fb2b7f3c9760552748a8a0fa25744fd5.1764822465.git.bruce.ashfield@gmail.com> In-Reply-To: <cover.1764822465.git.bruce.ashfield@gmail.com> References: <cover.1764822465.git.bruce.ashfield@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[01/16] linux-yocto/6.17: fix -tiny kernel boot \| expand [01/16] linux-yocto/6.17: fix -tiny kernel boot [02/16] linux-yocto/6.17: update to v6.17.7 [03/16] linux-yocto/6.17: update CVE exclusions (6.17.7) [04/16] linux-yocto/6.17: generic64arm configuration updates [05/16] linux-yocto/6.17: update to v6.17.8 [06/16] linux-yocto/6.17: update CVE exclusions (6.17.8) [07/16] linux-yocto/6.17: update to v6.17.10 [08/16] linux-yocto/6.17: update CVE exclusions (6.17.10) [09/16] linux-yocto/6.12: update to v6.12.57 [10/16] linux-yocto/6.12: update CVE exclusions (6.12.57) [11/16] linux-yocto/6.12: update to v6.12.58 [12/16] linux-yocto/6.12: update CVE exclusions (6.12.58) [13/16] linux-yocto/6.12: update to v6.12.59 [14/16] linux-yocto/6.12: update CVE exclusions (6.12.59) [15/16] linux-yocto/6.12: update to v6.12.60 [16/16] linux-yocto/6.12: update CVE exclusions (6.12.60)

Message ID

1f663575fb2b7f3c9760552748a8a0fa25744fd5.1764822465.git.bruce.ashfield@gmail.com

State

New

Headers

From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [PATCH 08/16] linux-yocto/6.17: update CVE exclusions (6.17.10)
Date: Wed,  3 Dec 2025 23:30:20 -0500
Message-Id: 
 <1f663575fb2b7f3c9760552748a8a0fa25744fd5.1764822465.git.bruce.ashfield@gmail.com>
In-Reply-To: <cover.1764822465.git.bruce.ashfield@gmail.com>
References: <cover.1764822465.git.bruce.ashfield@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[01/16] linux-yocto/6.17: fix -tiny kernel boot | expand

Commit Message

Bruce Ashfield Dec. 4, 2025, 4:30 a.m. UTC

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 4 changes (1 new | 3 updated): - 1 new CVEs: CVE-2025-65406 - 3 updated CVEs: CVE-2024-32384, CVE-2025-13829, CVE-2025-7195
        Date: Mon, 1 Dec 2025 16:21:32 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.17.inc              | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.17.inc b/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
index 10dc5930194..0dfce883031 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-11-14 16:03:48.166784+00:00 for kernel version 6.17.8
-# From linux_kernel_cves cve_2025-11-14_1500Z-6-g27598c15037
+# Generated at 2025-12-01 16:25:15.356251+00:00 for kernel version 6.17.10
+# From linux_kernel_cves cve_2025-12-01_1600Z-1-g77d6c1b8483
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.17.8"
+    this_version = "6.17.10"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -17656,7 +17656,7 @@  CVE_STATUS[CVE-2025-40088] = "cpe-stable-backport: Backported in 6.17.5"
 
 CVE_STATUS[CVE-2025-40089] = "cpe-stable-backport: Backported in 6.17.5"
 
-CVE_STATUS[CVE-2025-40090] = "cpe-stable-backport: Backported in 6.17.5"
+CVE_STATUS[CVE-2025-40090] = "fixed-version: Fixed from version 6.17.5"
 
 CVE_STATUS[CVE-2025-40091] = "cpe-stable-backport: Backported in 6.17.5"
 
@@ -17762,8 +17762,6 @@  CVE_STATUS[CVE-2025-40142] = "cpe-stable-backport: Backported in 6.17.3"
 
 CVE_STATUS[CVE-2025-40143] = "cpe-stable-backport: Backported in 6.17.3"
 
-CVE_STATUS[CVE-2025-40144] = "cpe-stable-backport: Backported in 6.17.3"
-
 CVE_STATUS[CVE-2025-40145] = "cpe-stable-backport: Backported in 6.17.3"
 
 CVE_STATUS[CVE-2025-40146] = "cpe-stable-backport: Backported in 6.17.3"
@@ -17892,6 +17890,16 @@  CVE_STATUS[CVE-2025-40207] = "cpe-stable-backport: Backported in 6.17.4"
 
 CVE_STATUS[CVE-2025-40208] = "cpe-stable-backport: Backported in 6.17.4"
 
+CVE_STATUS[CVE-2025-40209] = "cpe-stable-backport: Backported in 6.17.8"
+
+CVE_STATUS[CVE-2025-40210] = "cpe-stable-backport: Backported in 6.17.8"
+
+CVE_STATUS[CVE-2025-40211] = "cpe-stable-backport: Backported in 6.17.8"
+
+CVE_STATUS[CVE-2025-40212] = "cpe-stable-backport: Backported in 6.17.9"
+
+CVE_STATUS[CVE-2025-40213] = "cpe-stable-backport: Backported in 6.17.8"
+
 CVE_STATUS[CVE-2025-40300] = "fixed-version: Fixed from version 6.17"
 
 CVE_STATUS[CVE-2025-40325] = "fixed-version: Fixed from version 6.15"

[08/16] linux-yocto/6.17: update CVE exclusions (6.17.10)

Commit Message

Patch