From patchwork Mon May 11 20:25:09 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bruce Ashfield <bruce.ashfield@gmail.com>
X-Patchwork-Id: 87849
Return-Path: <bruce.ashfield@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0F922CD484E
	for <webhook@archiver.kernel.org>; Mon, 11 May 2026 20:25:25 +0000 (UTC)
Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com
 [209.85.160.169])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.59985.1778531123576201933
 for <openembedded-core@lists.openembedded.org>;
 Mon, 11 May 2026 13:25:23 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20251104 header.b=O2g6LbXD;
 spf=pass (domain: gmail.com, ip: 209.85.160.169,
 mailfrom: bruce.ashfield@gmail.com)
Received: by mail-qt1-f169.google.com with SMTP id
 d75a77b69052e-50d87610513so46889371cf.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 11 May 2026 13:25:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1778531122; x=1779135922;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=ToSyXl5lk8VSh4R27JMUlyGoiS741mkeo8hr/4POjF8=;
        b=O2g6LbXDN9q8PgXpIG9HIj/Lq8/TyRpsoEoqx1z+kSjiaAYknUTCrPaFYmZSc5rq9D
         thbTJzhSJX+RLl0odTyIzw6z+886tqNaho87DiwxAfEKANJOPYJLW/XlsAI4hwvbEHG0
         Wh9Py4CJcEA62ZqF+4b2/LvROxUHSPUTWPi14pnyAL0Uzpmi4pc76DLekS9jM7HlxsOQ
         ePRf+Dtmj3XFOX5YSmQ5RzSAw4TFXbCgK5VIq9x0cCoC+fUchGqOeN1rrJyciV/4gojn
         NhWjt7wgDMBcQfUIW9ZtTo+PNxFAgmwLIhcbL17CgZQgvjPuDSS6M3wGflvvyEue53jZ
         uv/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1778531122; x=1779135922;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=ToSyXl5lk8VSh4R27JMUlyGoiS741mkeo8hr/4POjF8=;
        b=qqd/g66LNevI8JRNl5e4Nay7lY0Mn/YPsWpx7rdFpArEgiAhfniymsmoUQ1G1jSiyS
         GIXdHVT9vNII8Lsr0nQTcsMKtr9o8xghuVu8P4G1zXjwwaZy0GCxggA/bG2W9HmDRJ+n
         mri/0NPF645uBAMW6JWrsAYTNqnEW9PGbHwSoIl6bWDMcat+8dlW3lVNDzyZhqMDW52U
         QlCohId3HlOBaw6mlv1XJ2KYXrLPjNb2SVS0Osfjsh2Gk6lVVy3nnqtO02nHYWuf4eta
         cSQy9ACDK+zGbt3wZgGNrwx9jATpUjfDp4YTDX8iFDyqvO4gVB6LTLmgwLYj+3pgS4Vj
         QFHQ==
X-Gm-Message-State: AOJu0Yy6tPvgd8uOtKAKEp7Ngllpc9kBMEMGjnoj+5NSQrYVcSPR56of
	/4WcotBcfK3HQ1oQa/v1mFIb4E68yN7y0sAFnaHKQBkIBQAgSOSGAMmE6pNZqsxQKnAwTg==
X-Gm-Gg: Acq92OHWGLKnXog7+6shaKBR8iDkpeHVbFLza9E1dhh2LF6lxZlf4KFIGuuo7QAiUen
	aJfL3Jz9QRXAN7hIWWLng6q8wQIXW7s1zELhxzwq9oNWvuHjdEms2Kxwn6S+QI36dnU/6T7XoiS
	NmOKeGcojOKNwCecyX2+1mS25+73aRHPni2TnpBSn+oDpMedn4c8/is0lCj/VDTybXXF5yKeNMU
	9Lbw1e/bnKxCycDwoJNSa4HuispQhTfPHnneEXT/iQb/5ANbe/CD7OmIL9PtSaY3LyK2ZolZhTT
	uf9ghmTigj7JE3IoVZ1aEtD9hQkXb1Up6/vmdt/ILYibyaCb3wRezvIH00hezjQaaBNhFATaD9B
	wR4ZSrdC6BXTTwx5lVpJ4JQS7wpU1yqqSNceRRMofh14ik34w1IqsXQ0KlTRNOsH7bwF65se1WA
	bbYhDfR+D3lSRtb1T6zoDGhfa5lrD8PbU6c2AkTudB3CatAiG0d/MtslxVqhk1NWJvrbuTYxuTW
	R2DDLMuqlWFn0mw/kPWPiWDEOKkNZPoEl6ggfxYkuFmNGS5s1tJs1/xALc=
X-Received: by 2002:ac8:7dd6:0:b0:50d:8049:2f22 with SMTP id
 d75a77b69052e-51461be03d1mr347566821cf.3.1778531122345;
        Mon, 11 May 2026 13:25:22 -0700 (PDT)
Received: from bruce-XPS-8940.localdomain
 (pool-174-112-62-108.cpe.net.cable.rogers.com. [174.112.62.108])
        by smtp.gmail.com with ESMTPSA id
 d75a77b69052e-5148e83aa2bsm98213401cf.28.2026.05.11.13.25.21
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 11 May 2026 13:25:21 -0700 (PDT)
From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [meta][PATCH 02/09] linux-yocto/6.18: update CVE exclusions (6.18.25)
Date: Mon, 11 May 2026 16:25:09 -0400
Message-ID: <20260511202517.1648910-3-bruce.ashfield@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260511202517.1648910-1-bruce.ashfield@gmail.com>
References: <20260511202517.1648910-1-bruce.ashfield@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 11 May 2026 20:25:25 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/236827

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 83 changes (9 new | 74 updated): - 9 new CVEs: CVE-2026-27760, CVE-2026-40556, CVE-2026-40968, CVE-2026-7282, CVE-2026-7320, CVE-2026-7321, CVE-2026-7322, CVE-2026-7323, CVE-2026-7324 - 74 updated CVEs: CVE-2024-46636, CVE-2025-10539, CVE-2025-48431, CVE-2026-24354, CVE-2026-24361, CVE-2026-24367, CVE-2026-24368, CVE-2026-24369, CVE-2026-24370, CVE-2026-24371, CVE-2026-24373, CVE-2026-24374, CVE-2026-24375, CVE-2026-24376, CVE-2026-24377, CVE-2026-24378, CVE-2026-24379, CVE-2026-24380, CVE-2026-24381, CVE-2026-24382, CVE-2026-24383, CVE-2026-24384, CVE-2026-24385, CVE-2026-24386, CVE-2026-24387, CVE-2026-24388, CVE-2026-24389, CVE-2026-24390, CVE-2026-24391, CVE-2026-24392, CVE-2026-24521, CVE-2026-24522, CVE-2026-24523, CVE-2026-24525, CVE-2026-24526, CVE-2026-24528, CVE-2026-24529, CVE-2026-24530, CVE-2026-24531, CVE-2026-24532, CVE-2026-25422, CVE-2026-25423, CVE-2026-25428, CVE-2026-25432, CVE-2026-25451, CVE-2026-25453, CVE-2026-25459, CVE-2026-25463, CVE-2026-25472, CVE-2026-25473, CVE-2026-28130, CVE-2026-28131, CVE-2026-28132, CVE-2026-28133, CVE-2026-28134, CVE-2026-28136, CVE-2026-28137, CVE-2026-28138, CVE-2026-40966, CVE-2026-41365, CVE-2026-41371, CVE-2026-41525, CVE-2026-41602, CVE-2026-4805, CVE-2026-5779, CVE-2026-5780, CVE-2026-5781, CVE-2026-7156, CVE-2026-7178, CVE-2026-7237, CVE-2026-7244, CVE-2026-7267, CVE-2026-7272, CVE-2026-7309
        Date: Tue, 28 Apr 2026 14:21:46 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.18.inc              | 326 +++++++++++++++++-
 1 file changed, 321 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index ade11d8025..8e6357700d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-04-23 15:18:10.087069+00:00 for kernel version 6.18.24
-# From linux_kernel_cves cve_2026-04-23_1400Z
+# Generated at 2026-04-28 14:31:45.750135+00:00 for kernel version 6.18.25
+# From linux_kernel_cves cve_2026-04-28_1300Z-1-g3f42726e029
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.24"
+    this_version = "6.18.25"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -21356,7 +21356,7 @@ CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-23442 needs backporting (fixed from 7.0)
+CVE_STATUS[CVE-2026-23442] = "cpe-stable-backport: Backported in 6.18.25"
 
 CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.18.20"
 
@@ -21708,7 +21708,323 @@ CVE_STATUS[CVE-2026-31530] = "cpe-stable-backport: Backported in 6.18.21"
 
 CVE_STATUS[CVE-2026-31531] = "cpe-stable-backport: Backported in 6.18.24"
 
-# CVE-2026-31532 has no known resolution
+CVE_STATUS[CVE-2026-31532] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31533] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31535] = "cpe-stable-backport: Backported in 6.18.11"
+
+CVE_STATUS[CVE-2026-31536] = "cpe-stable-backport: Backported in 6.18.11"
+
+CVE_STATUS[CVE-2026-31537] = "cpe-stable-backport: Backported in 6.18.11"
+
+CVE_STATUS[CVE-2026-31538] = "cpe-stable-backport: Backported in 6.18.11"
+
+CVE_STATUS[CVE-2026-31539] = "cpe-stable-backport: Backported in 6.18.11"
+
+CVE_STATUS[CVE-2026-31540] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31541] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31542] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31543] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31544] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31545] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31546] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31547] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31548] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31549] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31550] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31551] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31552] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31553] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31554] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31555] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31556] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31557] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31558] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31559] = "cpe-stable-backport: Backported in 6.18.21"
+
+# CVE-2026-31560 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-31561] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31562] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31563] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31564] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31565] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31566] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31567] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31568] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31569] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31570] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31571] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31572] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31573] = "fixed-version: only affects 6.19.6 onwards"
+
+CVE_STATUS[CVE-2026-31574] = "fixed-version: only affects 7.0 onwards"
+
+CVE_STATUS[CVE-2026-31575] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31576] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31577] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31578] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31579] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31580] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31581] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31582] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31583] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31584] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31585] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31586] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31587] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31588] = "cpe-stable-backport: Backported in 6.18.24"
+
+# CVE-2026-31589 needs backporting (fixed from 7.1rc1)
+
+CVE_STATUS[CVE-2026-31590] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31591] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31592] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31593] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31594] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31595] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31596] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31597] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31598] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31599] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31600] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31601] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31602] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31603] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31604] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31605] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31606] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31607] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31608] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31609] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31610] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31611] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31612] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31613] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31614] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31615] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31616] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31617] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31618] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31619] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31620] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31621] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31622] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31623] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31624] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31625] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31626] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31627] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31628] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31629] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31630] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31631] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31632] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31633] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31634] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31635] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31636] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31637] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31638] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31639] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31640] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31641] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31642] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31643] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31644] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31645] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31646] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31647] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31648] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31649] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31650] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31651] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31652] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31653] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31654] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-31655] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31656] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31657] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31658] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31659] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31660] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31661] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31662] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31663] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31664] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31665] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31666] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31667] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31668] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31669] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31670] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31671] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31672] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31673] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31674] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31675] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31676] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31677] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31678] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31679] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31680] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31681] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31682] = "cpe-stable-backport: Backported in 6.18.22"
+
+CVE_STATUS[CVE-2026-31683] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31684] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31685] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31686] = "cpe-stable-backport: Backported in 6.18.24"
+
+CVE_STATUS[CVE-2026-31687] = "cpe-stable-backport: Backported in 6.18.12"
+
+# CVE-2026-31688 needs backporting (fixed from 7.0)
+
+CVE_STATUS[CVE-2026-31689] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31690] = "cpe-stable-backport: Backported in 6.18.23"
+
+CVE_STATUS[CVE-2026-31691] = "cpe-stable-backport: Backported in 6.18.23"
 
 CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.18.20"