[kirkstone,6/9] qemu: ignore CVE-2024-7730

Message ID	93545ef00c4930dd297649934bee0e95c520ee16.1756215756.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.170, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730 Date: Tue, 26 Aug 2025 06:44:28 -0700 Message-ID: <93545ef00c4930dd297649934bee0e95c520ee16.1756215756.git.steve@sakoman.com> In-Reply-To: <cover.1756215756.git.steve@sakoman.com> References: <cover.1756215756.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,1/9] openssl: fix CVE-2023-50781 \| expand [kirkstone,1/9] openssl: fix CVE-2023-50781 [kirkstone,2/9] xserver-xorg: Fix for CVE-2025-49178 [kirkstone,3/9] xserver-xorg: Fix for CVE-2025-49179 [kirkstone,4/9] xserver-xorg: Fix for CVE-2025-49180 [kirkstone,5/9] gstreamer1.0-plugins-base: fix CVE-2025-47807 [kirkstone,6/9] qemu: ignore CVE-2024-7730 [kirkstone,7/9] glib-2.0: patch CVE-2025-7039 [kirkstone,8/9] dpkg: patch CVE-2025-6297 [kirkstone,9/9] libarchive: patch regression of patch for CVE-2025-5918

Message ID

93545ef00c4930dd297649934bee0e95c520ee16.1756215756.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 6/9] qemu: ignore CVE-2024-7730
Date: Tue, 26 Aug 2025 06:44:28 -0700
Message-ID: 
 <93545ef00c4930dd297649934bee0e95c520ee16.1756215756.git.steve@sakoman.com>
In-Reply-To: <cover.1756215756.git.steve@sakoman.com>
References: <cover.1756215756.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,1/9] openssl: fix CVE-2023-50781 | expand

Commit Message

Steve Sakoman Aug. 26, 2025, 1:44 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE is for virtio-snd which was introduced in 8.2.0.
Therefore ignore this CVE for version 6.2.0.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/qemu/qemu.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index cae33459e6..1298514cd7 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -164,6 +164,9 @@  CVE_CHECK_IGNORE += "CVE-2022-36648"
 # disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985
 CVE_CHECK_IGNORE += "CVE-2023-1386"
 
+# virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected
+CVE_CHECK_IGNORE += "CVE-2024-7730"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"

[kirkstone,6/9] qemu: ignore CVE-2024-7730

Commit Message

Patch