linux-yocto: refresh CVE exclusion list for 6.12.31

Message ID	20250605163219.1202465-1-ross.burton@arm.com
State	Accepted, archived
Commit	890041f5ed06be1c0a655030af35484d98fe3e7a
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: Ross Burton <ross.burton@arm.com> To: openembedded-core@lists.openembedded.org Subject: [PATCH] linux-yocto: refresh CVE exclusion list for 6.12.31 Date: Thu, 5 Jun 2025 17:32:19 +0100 Message-ID: <20250605163219.1202465-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	linux-yocto: refresh CVE exclusion list for 6.12.31 \| expand linux-yocto: refresh CVE exclusion list for 6.12.31

Message ID

20250605163219.1202465-1-ross.burton@arm.com

State

Accepted, archived

Commit

890041f5ed06be1c0a655030af35484d98fe3e7a

Headers

From: Ross Burton <ross.burton@arm.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] linux-yocto: refresh CVE exclusion list for 6.12.31
Date: Thu,  5 Jun 2025 17:32:19 +0100
Message-ID: <20250605163219.1202465-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

linux-yocto: refresh CVE exclusion list for 6.12.31 | expand

Comments

patchtest@automation.yoctoproject.org June 5, 2025, 4:46 p.m. UTC | #1

Thank you for your submission. Patchtest identified one
or more issues with the patch. Please see the log below for
more information:

---
Testing patch /home/patchtest/share/mboxes/linux-yocto-refresh-CVE-exclusion-list-for-6.12.31.patch

FAIL: test commit message presence: Please include a commit message on your patch explaining the change (test_mbox.TestMbox.test_commit_message_presence)

PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test mbox format (test_mbox.TestMbox.test_mbox_format)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: No python related patches, skipping test (test_python_pylint.PyLint.pretest_pylint)
SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore)
SKIP: test CVE tag format: No new CVE patches introduced (test_patch.TestPatch.test_cve_tag_format)
SKIP: test Signed-off-by presence: No new CVE patches introduced (test_patch.TestPatch.test_signed_off_by_presence)
SKIP: test Upstream-Status presence: No new CVE patches introduced (test_patch.TestPatch.test_upstream_status_presence_format)
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: No python related patches, skipping test (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and
submit a new revision of the patch, or alternatively, reply to this
email with an explanation of why the patch should be accepted. If you
believe these results are due to an error in patchtest, please submit a
bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category
under 'Yocto Project Subprojects'). For more information on specific
failures, see: https://wiki.yoctoproject.org/wiki/Patchtest. Thank
you!

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index d33880eae0f..199ea019d5b 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-05-29 10:54:43.823437+00:00 for kernel version 6.12.30
-# From cvelistV5 cve_2025-05-29_1000Z-1-g4f2590b715f
+# Generated at 2025-06-05 16:29:20.725105+00:00 for kernel version 6.12.31
+# From cvelistV5 cve_2025-06-05_1600Z
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.30"
+    this_version = "6.12.31"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5054,8 +5054,6 @@  CVE_STATUS[CVE-2023-53023] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-53024] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2023-53025] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2023-53026] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-53028] = "fixed-version: Fixed from version 6.1.8"
@@ -12564,8 +12562,6 @@  CVE_STATUS[CVE-2025-37780] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37781] = "cpe-stable-backport: Backported in 6.12.25"
 
-CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25"
-
 CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25"
@@ -12660,8 +12656,6 @@  CVE_STATUS[CVE-2025-37830] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37831] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37832] = "cpe-stable-backport: Backported in 6.12.26"
-
 CVE_STATUS[CVE-2025-37833] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37834] = "cpe-stable-backport: Backported in 6.12.26"
@@ -12978,6 +12972,20 @@  CVE_STATUS[CVE-2025-37991] = "cpe-stable-backport: Backported in 6.12.28"
 
 CVE_STATUS[CVE-2025-37992] = "cpe-stable-backport: Backported in 6.12.30"
 
+CVE_STATUS[CVE-2025-37993] = "cpe-stable-backport: Backported in 6.12.29"
+
+CVE_STATUS[CVE-2025-37994] = "cpe-stable-backport: Backported in 6.12.29"
+
+CVE_STATUS[CVE-2025-37995] = "cpe-stable-backport: Backported in 6.12.29"
+
+CVE_STATUS[CVE-2025-37996] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-37997] = "cpe-stable-backport: Backported in 6.12.29"
+
+CVE_STATUS[CVE-2025-37998] = "cpe-stable-backport: Backported in 6.12.29"
+
+CVE_STATUS[CVE-2025-37999] = "cpe-stable-backport: Backported in 6.12.29"
+
 CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-38104 needs backporting (fixed from 6.15)

linux-yocto: refresh CVE exclusion list for 6.12.31

Commit Message

Comments

Patch