diff mbox series

[3/3] linux: cve-exclusions: Amend terminology

Message ID 20250526092927.2588577-3-niko.mauno@vaisala.com
State Accepted, archived
Commit feb80e6be16f27611a018d0ef7841cbb466c47d1
Headers show
Series [1/3] cve-exclusion_6.12.inc: Update using current cvelistV5 | expand

Commit Message

Niko Mauno May 26, 2025, 9:29 a.m. UTC 
Replace the term 'needs backporting' with 'may need backporting' in
generate-cve-exclusions.py when the checked kernel version may or may
not be in the vulnerable version range, thus making backporting
necessary only in the former case.

In tandem we regenerate the content of cve-exclusion_6.12.inc using
https://github.com/CVEProject/cvelistV5.git repository main branch at
git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content
in sync with the script.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
---
 .../linux/cve-exclusion_6.12.inc              | 142 +++++++++---------
 .../linux/generate-cve-exclusions.py          |   2 +-
 2 files changed, 72 insertions(+), 72 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index c03ad19a3d..120b1b5ef7 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,6 +1,6 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27
+# Generated at 2025-05-24 12:18:11.126849+00:00 for version 6.12.27
 
 python check_kernel_cve_status_version() {
     this_version = "6.12.27"
@@ -12356,7 +12356,7 @@  CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards"
 
 # CVE-2025-22101 needs backporting (fixed from 6.15rc1)
 
-# CVE-2025-22102 needs backporting (fixed from 6.12.30)
+# CVE-2025-22102 may need backporting (fixed from 6.12.30)
 
 # CVE-2025-22103 needs backporting (fixed from 6.15rc1)
 
@@ -12640,7 +12640,7 @@  CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26"
 
-# CVE-2025-37821 needs backporting (fixed from 6.12.29)
+# CVE-2025-37821 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26"
 
@@ -12776,99 +12776,99 @@  CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20"
 
-# CVE-2025-37890 needs backporting (fixed from 6.12.28)
+# CVE-2025-37890 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37891 needs backporting (fixed from 6.12.28)
+# CVE-2025-37891 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23"
 
-# CVE-2025-37894 needs backporting (fixed from 6.12.28)
+# CVE-2025-37894 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37895 needs backporting (fixed from 6.12.28)
+# CVE-2025-37895 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-37897 needs backporting (fixed from 6.12.28)
+# CVE-2025-37897 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37899 needs backporting (fixed from 6.12.28)
+# CVE-2025-37899 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37900 needs backporting (fixed from 6.12.28)
+# CVE-2025-37900 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37901 needs backporting (fixed from 6.12.28)
+# CVE-2025-37901 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards"
 
-# CVE-2025-37903 needs backporting (fixed from 6.12.28)
+# CVE-2025-37903 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37905 needs backporting (fixed from 6.12.28)
+# CVE-2025-37905 may need backporting (fixed from 6.12.28)
 
 # CVE-2025-37906 needs backporting (fixed from 6.15rc4)
 
-# CVE-2025-37907 needs backporting (fixed from 6.12.28)
+# CVE-2025-37907 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37908 needs backporting (fixed from 6.12.28)
+# CVE-2025-37908 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37909 needs backporting (fixed from 6.12.28)
+# CVE-2025-37909 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37910 needs backporting (fixed from 6.12.28)
+# CVE-2025-37910 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37911 needs backporting (fixed from 6.12.28)
+# CVE-2025-37911 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37912 needs backporting (fixed from 6.12.28)
+# CVE-2025-37912 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37913 needs backporting (fixed from 6.12.28)
+# CVE-2025-37913 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37914 needs backporting (fixed from 6.12.28)
+# CVE-2025-37914 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37915 needs backporting (fixed from 6.12.28)
+# CVE-2025-37915 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37916 needs backporting (fixed from 6.12.28)
+# CVE-2025-37916 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37917 needs backporting (fixed from 6.12.28)
+# CVE-2025-37917 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37918 needs backporting (fixed from 6.12.28)
+# CVE-2025-37918 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37919 needs backporting (fixed from 6.12.28)
+# CVE-2025-37919 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37920 needs backporting (fixed from 6.12.28)
+# CVE-2025-37920 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37921 needs backporting (fixed from 6.12.28)
+# CVE-2025-37921 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37922 needs backporting (fixed from 6.12.28)
+# CVE-2025-37922 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37923 needs backporting (fixed from 6.12.28)
+# CVE-2025-37923 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37924 needs backporting (fixed from 6.12.28)
+# CVE-2025-37924 may need backporting (fixed from 6.12.28)
 
 # CVE-2025-37925 needs backporting (fixed from 6.15rc1)
 
-# CVE-2025-37926 needs backporting (fixed from 6.12.28)
+# CVE-2025-37926 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37927 needs backporting (fixed from 6.12.28)
+# CVE-2025-37927 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37928 needs backporting (fixed from 6.12.28)
+# CVE-2025-37928 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37929 needs backporting (fixed from 6.12.28)
+# CVE-2025-37929 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37930 needs backporting (fixed from 6.12.28)
+# CVE-2025-37930 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37931 needs backporting (fixed from 6.12.28)
+# CVE-2025-37931 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37932 needs backporting (fixed from 6.12.28)
+# CVE-2025-37932 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37933 needs backporting (fixed from 6.12.28)
+# CVE-2025-37933 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37934 needs backporting (fixed from 6.12.28)
+# CVE-2025-37934 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37935 needs backporting (fixed from 6.12.28)
+# CVE-2025-37935 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37936 needs backporting (fixed from 6.12.28)
+# CVE-2025-37936 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12888,63 +12888,63 @@  CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24"
 
-# CVE-2025-37946 needs backporting (fixed from 6.12.29)
+# CVE-2025-37946 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37947 needs backporting (fixed from 6.12.29)
+# CVE-2025-37947 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37948 needs backporting (fixed from 6.12.29)
+# CVE-2025-37948 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37949 needs backporting (fixed from 6.12.29)
+# CVE-2025-37949 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-37951 needs backporting (fixed from 6.12.29)
+# CVE-2025-37951 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37952 needs backporting (fixed from 6.12.29)
+# CVE-2025-37952 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37953 needs backporting (fixed from 6.12.29)
+# CVE-2025-37953 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37954 needs backporting (fixed from 6.12.29)
+# CVE-2025-37954 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37955 needs backporting (fixed from 6.12.29)
+# CVE-2025-37955 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37956 needs backporting (fixed from 6.12.29)
+# CVE-2025-37956 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37957 needs backporting (fixed from 6.12.29)
+# CVE-2025-37957 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37958 needs backporting (fixed from 6.12.29)
+# CVE-2025-37958 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37959 needs backporting (fixed from 6.12.29)
+# CVE-2025-37959 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37960 needs backporting (fixed from 6.12.29)
+# CVE-2025-37960 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37961 needs backporting (fixed from 6.12.29)
+# CVE-2025-37961 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37962 needs backporting (fixed from 6.12.29)
+# CVE-2025-37962 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37963 needs backporting (fixed from 6.12.29)
+# CVE-2025-37963 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37964 needs backporting (fixed from 6.12.29)
+# CVE-2025-37964 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37965 needs backporting (fixed from 6.12.29)
+# CVE-2025-37965 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37967 needs backporting (fixed from 6.12.30)
+# CVE-2025-37967 may need backporting (fixed from 6.12.30)
 
-# CVE-2025-37968 needs backporting (fixed from 6.12.30)
+# CVE-2025-37968 may need backporting (fixed from 6.12.30)
 
-# CVE-2025-37969 needs backporting (fixed from 6.12.29)
+# CVE-2025-37969 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37970 needs backporting (fixed from 6.12.29)
+# CVE-2025-37970 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37971 needs backporting (fixed from 6.12.29)
+# CVE-2025-37971 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37972 needs backporting (fixed from 6.12.29)
+# CVE-2025-37972 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37973 needs backporting (fixed from 6.12.29)
+# CVE-2025-37973 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37974 needs backporting (fixed from 6.12.29)
+# CVE-2025-37974 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
 
@@ -12976,9 +12976,9 @@  CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26"
 
-# CVE-2025-37990 needs backporting (fixed from 6.12.28)
+# CVE-2025-37990 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37991 needs backporting (fixed from 6.12.28)
+# CVE-2025-37991 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23"
 
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index ea59c15a01..b45c2d5702 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -141,7 +141,7 @@  do_cve_check[prefuncs] += "check_kernel_cve_status_version"
                         f'CVE_STATUS[{cve}] = "cpe-stable-backport: Backported in {backport_ver}"'
                     )
                 else:
-                    print(f"# {cve} needs backporting (fixed from {backport_ver})")
+                    print(f"# {cve} may need backporting (fixed from {backport_ver})")
             else:
                 print(f"# {cve} needs backporting (fixed from {fixed})")