[meta,06/15] linux-yocto/6.18: update CVE exclusions (6.18.22)

Message ID	20260423153222.1932256-7-bruce.ashfield@gmail.com
State	New
Headers	show Return-Path: <bruce.ashfield@gmail.com> ip: 209.85.219.45, mailfrom: bruce.ashfield@gmail.com) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [meta][PATCH 06/15] linux-yocto/6.18: update CVE exclusions (6.18.22) Date: Thu, 23 Apr 2026 11:32:13 -0400 Message-ID: <20260423153222.1932256-7-bruce.ashfield@gmail.com> In-Reply-To: <20260423153222.1932256-1-bruce.ashfield@gmail.com> References: <20260423153222.1932256-1-bruce.ashfield@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	linux-yocto: -stable updates \| expand [0/15] linux-yocto: -stable updates [meta,01/15] linux-yocto/6.18: update to v6.18.20 [meta,02/15] linux-yocto/6.18: update CVE exclusions (6.18.20) [meta,03/15] linux-yocto/6.18: update to v6.18.21 [meta,04/15] linux-yocto/6.18: update CVE exclusions (6.18.21) [meta,05/15] linux-yocto/6.18: update to v6.18.22 [meta,06/15] linux-yocto/6.18: update CVE exclusions (6.18.22) [meta,07/15] linux-yocto/6.18: update to v6.18.23 [meta,08/15] linux-yocto/6.18: update CVE exclusions (6.18.23) [meta,09/15] linux-yocto/6.18: update to v6.18.24 [meta,10/15] linux-yocto/6.18: update CVE exclusions (6.18.24) [meta-yocto-bsp,11/15] yocto-bsps: update to v6.18.20 [meta-yocto-bsp,12/15] yocto-bsps: update to v6.18.21 [meta-yocto-bsp,13/15] yocto-bsps: update to v6.18.22 [meta-yocto-bsp,14/15] yocto-bsps: update to v6.18.23 [meta-yocto-bsp,15/15] yocto-bsps: update to v6.18.24

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc index 03f89ed9eb..2429851ff8 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc @@ -1,11 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2026-04-08 14:33:17.297345+00:00 for kernel version 6.18.21 -# From linux_kernel_cves cve_2026-04-08_1300Z-1-g105fda2ec51 +# Generated at 2026-04-14 21:26:55.774766+00:00 for kernel version 6.18.22 +# From linux_kernel_cves cve_2026-04-14_2000Z-2-gad6d9150d01 python check_kernel_cve_status_version() { - this_version = "6.18.21" + this_version = "6.18.22" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -21052,7 +21052,7 @@ CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.18.17" -CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19 onwards" +CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19.4 onwards" CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.18.17" @@ -21128,9 +21128,9 @@ CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23326] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23327 needs backporting (fixed from 7.0rc2) +# CVE-2026-23327 needs backporting (fixed from 7.0) -# CVE-2026-23328 needs backporting (fixed from 7.0rc3) +# CVE-2026-23328 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23329] = "cpe-stable-backport: Backported in 6.18.17" @@ -21140,8 +21140,6 @@ CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23333 needs backporting (fixed from 7.0rc1) - CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.18.17" @@ -21156,7 +21154,7 @@ CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.18.17" -CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19 onwards" +CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19.4 onwards" CVE_STATUS[CVE-2026-23342] = "cpe-stable-backport: Backported in 6.18.17" @@ -21216,19 +21214,19 @@ CVE_STATUS[CVE-2026-23369] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23371 needs backporting (fixed from 7.0rc3) +# CVE-2026-23371 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23373] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23374 needs backporting (fixed from 7.0rc3) +# CVE-2026-23374 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23375] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23376] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23377 needs backporting (fixed from 7.0rc3) +# CVE-2026-23377 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.18.17" @@ -21252,7 +21250,7 @@ CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.18.17" CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.18.17" -# CVE-2026-23389 needs backporting (fixed from 7.0rc3) +CVE_STATUS[CVE-2026-23389] = "cpe-stable-backport: Backported in 6.18.22" CVE_STATUS[CVE-2026-23390] = "cpe-stable-backport: Backported in 6.18.13" @@ -21262,7 +21260,7 @@ CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-23393] = "cpe-stable-backport: Backported in 6.18.20" -# CVE-2026-23394 needs backporting (fixed from 7.0rc5) +# CVE-2026-23394 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.18.20" @@ -21358,7 +21356,7 @@ CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.18.20" -# CVE-2026-23442 needs backporting (fixed from 7.0rc5) +# CVE-2026-23442 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.18.20" @@ -21392,7 +21390,7 @@ CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.18.20" -# CVE-2026-23459 needs backporting (fixed from 7.0rc5) +# CVE-2026-23459 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.18.20" @@ -21416,8 +21414,6 @@ CVE_STATUS[CVE-2026-23469] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-23470] = "cpe-stable-backport: Backported in 6.18.20" -CVE_STATUS[CVE-2026-23471] = "cpe-stable-backport: Backported in 6.18.20" - CVE_STATUS[CVE-2026-23472] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-23473] = "cpe-stable-backport: Backported in 6.18.20" @@ -21462,7 +21458,7 @@ CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.18.19" CVE_STATUS[CVE-2026-31406] = "cpe-stable-backport: Backported in 6.18.21" -# CVE-2026-31407 needs backporting (fixed from 7.0rc5) +# CVE-2026-31407 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.18.21" @@ -21472,5 +21468,39 @@ CVE_STATUS[CVE-2026-31410] = "cpe-stable-backport: Backported in 6.18.20" CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.18.14" +CVE_STATUS[CVE-2026-31412] = "cpe-stable-backport: Backported in 6.18.19" + +CVE_STATUS[CVE-2026-31413] = "cpe-stable-backport: Backported in 6.18.21" + +CVE_STATUS[CVE-2026-31414] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31415] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31416] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31417] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31418] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31419] = "cpe-stable-backport: Backported in 6.18.22" + +# CVE-2026-31420 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-31421] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31422] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31423] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31424] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31425] = "cpe-stable-backport: Backported in 6.18.22" + +CVE_STATUS[CVE-2026-31426] = "cpe-stable-backport: Backported in 6.18.21" + +CVE_STATUS[CVE-2026-31427] = "cpe-stable-backport: Backported in 6.18.21" + +CVE_STATUS[CVE-2026-31428] = "cpe-stable-backport: Backported in 6.18.21" + CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.18.20"

[meta,06/15] linux-yocto/6.18: update CVE exclusions (6.18.22)

Commit Message

Patch