diff mbox series

[openembedded-core,whinlatter,10/18] linux-yocto/6.12: update CVE exclusions (6.12.77)

Message ID 20260423154509.1933646-11-bruce.ashfield@gmail.com
State New
Headers show
Series linux-yocto: stable updates to 6.12 | expand

Commit Message

Bruce Ashfield April 23, 2026, 3:45 p.m. UTC 
From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 21 changes (20 new | 1 updated): - 20 new CVEs: CVE-2025-47873, CVE-2025-58427, CVE-2025-61952, CVE-2025-61979, CVE-2025-62403, CVE-2025-62500, CVE-2025-64301, CVE-2025-64733, CVE-2025-64735, CVE-2025-64776, CVE-2025-65119, CVE-2025-66000, CVE-2025-66042, CVE-2025-66342, CVE-2025-66503, CVE-2025-66617, CVE-2025-66633, CVE-2026-20726, CVE-2026-22882, CVE-2026-25790 - 1 updated CVEs: CVE-2026-3207
        Date: Tue, 17 Mar 2026 18:55:39 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 60d337b010..5fa3966719 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-03-09 19:34:33.465338+00:00 for kernel version 6.12.76
-# From linux_kernel_cves cve_2026-03-09_1900Z-1-gab0cca33c43
+# Generated at 2026-03-17 19:07:54.629545+00:00 for kernel version 6.12.77
+# From linux_kernel_cves cve_2026-03-17_1800Z-2-g4ae4487ca91
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.76"
+    this_version = "6.12.77"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -9032,7 +9032,7 @@  CVE_STATUS[CVE-2023-54326] = "fixed-version: Fixed from version 6.5"
 
 CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3"
 
-# CVE-2024-14027 needs backporting (fixed from 6.13)
+CVE_STATUS[CVE-2024-14027] = "cpe-stable-backport: Backported in 6.12.77"
 
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
@@ -20420,6 +20420,8 @@  CVE_STATUS[CVE-2025-71237] = "cpe-stable-backport: Backported in 6.12.72"
 
 CVE_STATUS[CVE-2025-71238] = "cpe-stable-backport: Backported in 6.12.74"
 
+CVE_STATUS[CVE-2025-71239] = "cpe-stable-backport: Backported in 6.12.75"
+
 CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.12.66"
 
 CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.12.66"
@@ -20920,9 +20922,9 @@  CVE_STATUS[CVE-2026-23224] = "cpe-stable-backport: Backported in 6.12.72"
 
 CVE_STATUS[CVE-2026-23225] = "fixed-version: only affects 6.19 onwards"
 
-# CVE-2026-23226 needs backporting (fixed from 7.0rc1)
+CVE_STATUS[CVE-2026-23226] = "cpe-stable-backport: Backported in 6.12.77"
 
-# CVE-2026-23227 needs backporting (fixed from 7.0rc1)
+CVE_STATUS[CVE-2026-23227] = "cpe-stable-backport: Backported in 6.12.77"
 
 CVE_STATUS[CVE-2026-23228] = "cpe-stable-backport: Backported in 6.12.72"
 
@@ -20946,3 +20948,9 @@  CVE_STATUS[CVE-2026-23237] = "cpe-stable-backport: Backported in 6.12.74"
 
 CVE_STATUS[CVE-2026-23238] = "cpe-stable-backport: Backported in 6.12.74"
 
+CVE_STATUS[CVE-2026-23239] = "cpe-stable-backport: Backported in 6.12.75"
+
+CVE_STATUS[CVE-2026-23240] = "cpe-stable-backport: Backported in 6.12.75"
+
+CVE_STATUS[CVE-2026-23241] = "cpe-stable-backport: Backported in 6.12.75"
+