diff mbox series

[meta,04/15] linux-yocto/6.18: update CVE exclusions (6.18.21)

Message ID 20260423153222.1932256-5-bruce.ashfield@gmail.com
State New
Headers show
Series linux-yocto: -stable updates | expand

Commit Message

Bruce Ashfield April 23, 2026, 3:32 p.m. UTC 
From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 35 changes (5 new | 30 updated): - 5 new CVEs: CVE-2025-57847, CVE-2025-57851, CVE-2025-57853, CVE-2025-57854, CVE-2025-58713 - 30 updated CVEs: CVE-2023-52356, CVE-2024-8299, CVE-2024-9852, CVE-2025-14104, CVE-2025-14821, CVE-2025-14831, CVE-2026-1757, CVE-2026-26157, CVE-2026-26158, CVE-2026-27787, CVE-2026-28261, CVE-2026-2625, CVE-2026-35393, CVE-2026-35398, CVE-2026-35409, CVE-2026-35413, CVE-2026-35444, CVE-2026-35452, CVE-2026-35473, CVE-2026-39698, CVE-2026-39700, CVE-2026-39702, CVE-2026-39935, CVE-2026-3142, CVE-2026-3781, CVE-2026-4483, CVE-2026-5302, CVE-2026-5506, CVE-2026-5688, CVE-2026-5705
        Date: Wed, 8 Apr 2026 14:13:08 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.18.inc              | 216 +++++++++++++++++-
 1 file changed, 206 insertions(+), 10 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 8f458e9d10..03f89ed9eb 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-03-27 19:44:12.925073+00:00 for kernel version 6.18.20
-# From linux_kernel_cves cve_2026-03-27_1900Z-1-g663ca5d2278
+# Generated at 2026-04-08 14:33:17.297345+00:00 for kernel version 6.18.21
+# From linux_kernel_cves cve_2026-04-08_1300Z-1-g105fda2ec51
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.20"
+    this_version = "6.18.21"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -19248,7 +19248,7 @@  CVE_STATUS[CVE-2025-40217] = "fixed-version: Fixed from version 6.18"
 
 CVE_STATUS[CVE-2025-40218] = "fixed-version: Fixed from version 6.18"
 
-CVE_STATUS[CVE-2025-40219] = "fixed-version: Fixed from version 6.18"
+CVE_STATUS[CVE-2025-40219] = "cpe-stable-backport: Backported in 6.18.16"
 
 CVE_STATUS[CVE-2025-40220] = "fixed-version: Fixed from version 6.18"
 
@@ -20108,8 +20108,6 @@  CVE_STATUS[CVE-2025-68810] = "cpe-stable-backport: Backported in 6.18.3"
 
 CVE_STATUS[CVE-2025-68811] = "cpe-stable-backport: Backported in 6.18.3"
 
-CVE_STATUS[CVE-2025-68812] = "cpe-stable-backport: Backported in 6.18.3"
-
 CVE_STATUS[CVE-2025-68813] = "cpe-stable-backport: Backported in 6.18.3"
 
 CVE_STATUS[CVE-2025-68814] = "cpe-stable-backport: Backported in 6.18.3"
@@ -21118,8 +21116,6 @@  CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.18.17"
 
-CVE_STATUS[CVE-2026-23320] = "cpe-stable-backport: Backported in 6.18.17"
-
 CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23322] = "cpe-stable-backport: Backported in 6.18.17"
@@ -21144,7 +21140,7 @@  CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23333 has no known resolution
+# CVE-2026-23333 needs backporting (fixed from 7.0rc1)
 
 CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21276,5 +21272,205 @@  CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-31788 has no known resolution
+CVE_STATUS[CVE-2026-23399] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23400] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-23401] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23402] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23403] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23404] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23405] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23406] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23407] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23408] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23409] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23410] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23411] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23412] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23413] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23414] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23415] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23416] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23417] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23418] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23419] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23420] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23421] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23422] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23423] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23424] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23425] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23426] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23427] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23428] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23429] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23430] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23431] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23432] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23433] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23434] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23435] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23436] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23437] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23438] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23439] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23442 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23444] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23445] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23446] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23447] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23448] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23449] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23450] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23451] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23452] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23453] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23454] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23455] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23456] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23459 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23461] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23462] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23463] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23464] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23465] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23466] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23467] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23468] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23469] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23470] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23471] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23472] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23473] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23474] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23475] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31389] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31390] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31391] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31392] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31393] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31394] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31395] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31396] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31397] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31398] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31399] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31400] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31401] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31402] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31403] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31404] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-31406] = "cpe-stable-backport: Backported in 6.18.21"
+
+# CVE-2026-31407 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31409] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31410] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.18.14"
+
+CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.18.20"