
[v3,8/8] cve-exclusions: correct CVE_STATUS

Message ID 20250429143904.634082-9-daniel.turull@ericsson.com
State New
Series Check compiled files to filter kernel CVEs | expand

Commit Message

Daniel Turull April 29, 2025, 2:39 p.m. UTC
From: Daniel Turull <daniel.turull@ericsson.com>

Some old CVEs do not have proper metadata to be able to resolve them
or are wrongly assigned to the linux kernel.

The new kernel cve handling fails to report not vulnerable for a few
CVEs that were introduced in LTS branch.

CC: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
---
 meta/recipes-kernel/linux/cve-exclusion.inc | 31 +++++++++++++++++++++
 1 file changed, 31 insertions(+)

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc
index f1b7db44b6..a80588ddeb 100644
--- a/meta/recipes-kernel/linux/cve-exclusion.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion.inc
@@ -155,3 +155,34 @@  CVE_STATUS[CVE-2023-7042] = "fixed-version: Fixed from 6.9rc1"
 
 #Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a
 CVE_STATUS[CVE-2024-0193] = "fixed-version: Fixed from 6.7"
+
+#Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6c54b7bc8a31ce0f7cc7f8deef05067df414f1d8
+CVE_STATUS[CVE-2023-53012] = "fixed-version: Fixed from 6.2rc5"
+
+#Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2f10d4a51bbcd938f1f02f16c304ad1d54717b96
+CVE_STATUS[CVE-2024-35788] = "fixed-version: Fixed from 6.9rc2"
+
+#Fix: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c8243def299793ac6c85fdc1086089c800c1051a
+CVE_STATUS[CVE-2024-57920] = "cpe-stable-backport: Backported in 6.12.10"
+
+#Fix: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=62b9ad7e52d4777f7e775ee1f0ad2452f6041024
+CVE_STATUS[CVE-2025-21988] = "cpe-stable-backport: Backported in 6.12.20"
+
+# Vulnerable code only in lts branches until 6.1.129 and 6.6.78
+CVE_STATUS[CVE-2025-40364] = "fixed-version: Fixed from 6.7"
+
+CVE_STATUS[CVE-2019-14899] = "cpe-incorrect: related to opevpn"
+
+CVE_STATUS[CVE-2021-3714] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2021-3864] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2023-3079] = "cpe-incorrect: not Linux but chrome"
+
+CVE_STATUS[CVE-2022-1247] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2023-3640] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2023-6238] = "not-applicable-platform: specific to RHEL with securelevel patches"
+
+CVE_STATUS[CVE-2023-6535] = "not-applicable-platform: specific to RHEL with securelevel patches"
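Review bot: The entries for CVE-2024-57920, CVE-2025-21988 and CVE-2025-40364 are only true for particular kernel versions, yet nothing visible in this hunk ties them to the version being built. The status strings name 6.12.10 and 6.12.20 as backport points, and the comment above CVE-2025-40364 says vulnerable code exists in the LTS branches until 6.1.129 and 6.6.78, so if this include is also used by a recipe for an older stable release, those CVEs would presumably be reported as patched while the code is still present. Either move them to a version-specific include or state the precondition next to each one, e.g. `# Only valid for 6.12.y >= 6.12.20; revisit if an older kernel uses this file`. Separately, the six `not-applicable-platform` entries share one justification with no reference, unlike the `#Fix` entries above them; a link to the advisory or tracker entry on each would let a reader verify the exclusion, and `opevpn` in the CVE-2019-14899 string looks like a typo for `openvpn`.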