diff mbox series

[kirkstone,05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567

Message ID f415c8d77aa370dfb6b6c83c2f06282a7b9e1b54.1768914702.git.yoann.congal@smile.fr
State New
Headers show
Series [kirkstone,01/26] util-linux: patch CVE-2025-14104 | expand

Commit Message

Yoann Congal Jan. 20, 2026, 1:37 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

These CVEs are not applicable to version 6.2.x as the vulnerable code
was introduced inly in 10.0.0.

Debian made the analysis, reuse their work.
* https://security-tracker.debian.org/tracker/CVE-2025-54566
* https://security-tracker.debian.org/tracker/CVE-2025-54567

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/qemu/qemu.inc | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 2866cbe7ec..764f0e110a 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -169,6 +169,9 @@  CVE_CHECK_IGNORE += "CVE-2023-1386"
 # virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected
 CVE_CHECK_IGNORE += "CVE-2024-7730"
 
+# These issues were introduced in v10.0.0-rc0
+CVE_CHECK_IGNORE += "CVE-2025-54566 CVE-2025-54567"
+
 COMPATIBLE_HOST:mipsarchn32 = "null"
 COMPATIBLE_HOST:mipsarchn64 = "null"
 COMPATIBLE_HOST:riscv32 = "null"