diff mbox series

[5/5] linux-yocto/6.12: update CVE exclusions (6.12.44)

Message ID d621c8b17ffd9fa06464da676bb2d96471555c4d.1757088383.git.bruce.ashfield@gmail.com
State New
Headers show
Series [1/5] poky: bump default kernel reference to 6.16 | expand

Commit Message

Bruce Ashfield Sept. 5, 2025, 4:09 p.m. UTC 
From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 3 changes (0 new | 3 updated): - 0 new CVEs: - 3 updated CVEs: CVE-2025-32100, CVE-2025-55852, CVE-2025-55944
        Date: Wed, 3 Sep 2025 20:01:09 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 140 +++++++++++++++++-
 1 file changed, 134 insertions(+), 6 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index cc26368560..57b735ed34 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@ 
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-08-21 13:18:00.380174+00:00 for kernel version 6.12.42
-# From linux_kernel_cves cve_2025-08-21_1200Z-2-g608fd2b01c2
+# Generated at 2025-09-03 20:06:37.780942+00:00 for kernel version 6.12.44
+# From linux_kernel_cves cve_2025-09-03_1900Z-6-ga45e93ffde5
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.42"
+    this_version = "6.12.44"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -12000,6 +12000,10 @@  CVE_STATUS[CVE-2024-58237] = "cpe-stable-backport: Backported in 6.12.9"
 
 CVE_STATUS[CVE-2024-58238] = "fixed-version: Fixed from version 6.9"
 
+CVE_STATUS[CVE-2024-58239] = "fixed-version: Fixed from version 6.8"
+
+CVE_STATUS[CVE-2024-58240] = "fixed-version: Fixed from version 6.8"
+
 CVE_STATUS[CVE-2025-21629] = "cpe-stable-backport: Backported in 6.12.9"
 
 CVE_STATUS[CVE-2025-21631] = "cpe-stable-backport: Backported in 6.12.10"
@@ -12492,7 +12496,7 @@  CVE_STATUS[CVE-2025-21882] = "fixed-version: only affects 6.13 onwards"
 
 CVE_STATUS[CVE-2025-21883] = "cpe-stable-backport: Backported in 6.12.18"
 
-# CVE-2025-21884 may need backporting (fixed from 6.12.43)
+CVE_STATUS[CVE-2025-21884] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-21885] = "cpe-stable-backport: Backported in 6.12.18"
 
@@ -13060,7 +13064,7 @@  CVE_STATUS[CVE-2025-37742] = "cpe-stable-backport: Backported in 6.12.24"
 
 # CVE-2025-37743 needs backporting (fixed from 6.15)
 
-CVE_STATUS[CVE-2025-37744] = "cpe-stable-backport: Backported in 6.12.24"
+CVE_STATUS[CVE-2025-37744] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-37745] = "cpe-stable-backport: Backported in 6.12.24"
 
@@ -14774,12 +14778,136 @@  CVE_STATUS[CVE-2025-38612] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38613] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-38614 may need backporting (fixed from 6.12.43)
+CVE_STATUS[CVE-2025-38614] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-38615] = "cpe-stable-backport: Backported in 6.12.42"
 
+CVE_STATUS[CVE-2025-38616] = "cpe-stable-backport: Backported in 6.12.43"
+
+CVE_STATUS[CVE-2025-38617] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38618] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38619] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38620] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2025-38621 needs backporting (fixed from 6.17rc1)
+
+CVE_STATUS[CVE-2025-38622] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38623] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38624] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38625] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38626] = "cpe-stable-backport: Backported in 6.12.42"
+
+# CVE-2025-38627 needs backporting (fixed from 6.17rc1)
+
+CVE_STATUS[CVE-2025-38628] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38629] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38630] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38631] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38632] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38633] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-38634] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38635] = "cpe-stable-backport: Backported in 6.12.42"
+
+# CVE-2025-38636 needs backporting (fixed from 6.17rc1)
+
 CVE_STATUS[CVE-2025-38637] = "cpe-stable-backport: Backported in 6.12.23"
 
+CVE_STATUS[CVE-2025-38638] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-38639] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38640] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38641] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-38642] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-38643 needs backporting (fixed from 6.17rc1)
+
+CVE_STATUS[CVE-2025-38644] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38645] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38646] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38647] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-38648] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38649] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38650] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38651] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38652] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38653] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38654] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38655] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-38656 has no known resolution
+
+CVE_STATUS[CVE-2025-38657] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-38658] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38659] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38660] = "cpe-stable-backport: Backported in 6.12.42"
+
+CVE_STATUS[CVE-2025-38661] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38662] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38663] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38664] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38665] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38666] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38667] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38668] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38669] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38670] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38671] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38672] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38673] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38674] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38675] = "cpe-stable-backport: Backported in 6.12.41"
+
+CVE_STATUS[CVE-2025-38676] = "cpe-stable-backport: Backported in 6.12.44"
+
+CVE_STATUS[CVE-2025-38677] = "cpe-stable-backport: Backported in 6.12.44"
+
+# CVE-2025-38678 needs backporting (fixed from 6.17rc2)
+
 CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23"