[2/8] linux-yocto/6.12: update CVE exclusions (6.12.39)

Message ID	2ef13aba8836643763de25e0d3e32510658156e3.1755118020.git.bruce.ashfield@gmail.com
State	Accepted, archived
Commit	a58b2c6f20ad6257036e144bee2eec1375e1a799
Headers	show Return-Path: <bruce.ashfield@gmail.com> ip: 209.85.219.51, mailfrom: bruce.ashfield@gmail.com) From: bruce.ashfield@gmail.com To: richard.purdie@linuxfoundation.org Cc: openembedded-core@lists.openembedded.org Subject: [PATCH 2/8] linux-yocto/6.12: update CVE exclusions (6.12.39) Date: Wed, 13 Aug 2025 16:49:16 -0400 Message-Id: <2ef13aba8836643763de25e0d3e32510658156e3.1755118020.git.bruce.ashfield@gmail.com> In-Reply-To: <cover.1755118020.git.bruce.ashfield@gmail.com> References: <cover.1755118020.git.bruce.ashfield@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[1/8] linux-yocto/6.12: update to v6.12.39 \| expand [1/8] linux-yocto/6.12: update to v6.12.39 [2/8] linux-yocto/6.12: update CVE exclusions (6.12.39) [3/8] linux-yocto/6.12: update to v6.12.40 [4/8] linux-yocto/6.12: update CVE exclusions (6.12.40) [5/8] linux-libc-headers: update to v6.16 [6/8] lttng-modules: update to v2.14.0 [7/8] linux-yocto/6.12: update to v6.12.41 [8/8] linux-yocto/6.12: update CVE exclusions (6.12.41)

Message ID

2ef13aba8836643763de25e0d3e32510658156e3.1755118020.git.bruce.ashfield@gmail.com

State

Accepted, archived

Commit

a58b2c6f20ad6257036e144bee2eec1375e1a799

Headers

From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [PATCH 2/8] linux-yocto/6.12: update CVE exclusions (6.12.39)
Date: Wed, 13 Aug 2025 16:49:16 -0400
Message-Id: 
 <2ef13aba8836643763de25e0d3e32510658156e3.1755118020.git.bruce.ashfield@gmail.com>
In-Reply-To: <cover.1755118020.git.bruce.ashfield@gmail.com>
References: <cover.1755118020.git.bruce.ashfield@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[1/8] linux-yocto/6.12: update to v6.12.39 | expand

Commit Message

Bruce Ashfield Aug. 13, 2025, 8:49 p.m. UTC

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 4 changes (1 new | 3 updated): - 1 new CVEs: CVE-2025-46002 - 3 updated CVEs: CVE-2025-5752, CVE-2025-6717, CVE-2025-7397
        Date: Fri, 18 Jul 2025 14:11:28 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 meta/recipes-kernel/linux/cve-exclusion_6.12.inc | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 02931bbf79..e428258bb1 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-07-15 14:54:42.649263+00:00 for kernel version 6.12.38
-# From linux_kernel_cves cve_2025-07-15_1400Z-4-gc77733e1fe6
+# Generated at 2025-07-18 14:17:49.367230+00:00 for kernel version 6.12.39
+# From linux_kernel_cves cve_2025-07-18_1400Z
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.38"
+    this_version = "6.12.39"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4132,7 +4132,7 @@  CVE_STATUS[CVE-2022-49962] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-49963] = "fixed-version: Fixed from version 6.0"
 
-CVE_STATUS[CVE-2022-49964] = "fixed-version: Fixed from version 6.0"
+CVE_STATUS[CVE-2022-49964] = "fixed-version: Fixed from version 5.19.7"
 
 CVE_STATUS[CVE-2022-49965] = "fixed-version: Fixed from version 6.0"
 
@@ -5582,8 +5582,6 @@  CVE_STATUS[CVE-2023-52999] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-53000] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2023-53001] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2023-53002] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-53003] = "fixed-version: Fixed from version 6.2"
@@ -13672,7 +13670,7 @@  CVE_STATUS[CVE-2025-38065] = "cpe-stable-backport: Backported in 6.12.31"
 
 CVE_STATUS[CVE-2025-38066] = "cpe-stable-backport: Backported in 6.12.31"
 
-# CVE-2025-38067 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-38067] = "cpe-stable-backport: Backported in 6.12.39"
 
 CVE_STATUS[CVE-2025-38068] = "cpe-stable-backport: Backported in 6.12.31"
 
@@ -13746,7 +13744,7 @@  CVE_STATUS[CVE-2025-38102] = "cpe-stable-backport: Backported in 6.12.34"
 
 CVE_STATUS[CVE-2025-38103] = "cpe-stable-backport: Backported in 6.12.34"
 
-# CVE-2025-38104 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-38104] = "cpe-stable-backport: Backported in 6.12.39"
 
 # CVE-2025-38105 needs backporting (fixed from 6.16rc1)
 
@@ -14236,6 +14234,8 @@  CVE_STATUS[CVE-2025-38347] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-38348] = "cpe-stable-backport: Backported in 6.12.35"
 
+CVE_STATUS[CVE-2025-38349] = "cpe-stable-backport: Backported in 6.12.39"
+
 CVE_STATUS[CVE-2025-38479] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-38575] = "cpe-stable-backport: Backported in 6.12.23"

[2/8] linux-yocto/6.12: update CVE exclusions (6.12.39)

Commit Message

Patch