From patchwork Mon May 26 09:29:25 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Niko Mauno <niko.mauno@vaisala.com>
X-Patchwork-Id: 63671
Return-Path: <niko.mauno@vaisala.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DE28BC5B547
	for <webhook@archiver.kernel.org>; Mon, 26 May 2025 09:30:00 +0000 (UTC)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com
 (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.139])
 by mx.groups.io with SMTP id smtpd.web10.25216.1748251795008364936
 for <openembedded-core@lists.openembedded.org>;
 Mon, 26 May 2025 02:29:56 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="dkim: body hash did not verify" header.i=@vaisala.com
 header.s=selector1 header.b=IjJHVA5K;
 spf=permerror,
 err=parse error for token &{10 18 spf.protection.outlook.com}: limit exceeded
 (domain: vaisala.com, ip: 40.107.21.139, mailfrom: niko.mauno@vaisala.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=Eq7nv/tIvxaMSrkqfoX8KLMzhhNC4ucOL3dy0y0q3bm3qU1c6a7jhGmbz1gFpdrIRGcql88CL9DFGceGf24x8nkPBlMI/AY2qNDaX15v8Rm1ozXDkQH42Vc9tKSiJ3/ma38li7ji2vSHPXPUIUR/se67WpjkNn/cwHT89gnPp6eJ2S4gXthzr49MrQghWQ5u+qEQn8q9NYDAmIDSM2pAi2h/EMc38CS/otzSbafYadSLsIj0NbEvm3wAYpcTks40ZW0JAC8oWNcjGpg1BH3Ji9bVF9ERihd+1kLNCQWfQzBmLCdOo//B5isjELfoMFvLog+eqrHwcSsP9bK3JuDF/A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=t9ztb8t43M+PTCxx+/ONjvFb0fgJ6cDaqq/tPYn44OQ=;
 b=m96SXyGNAfcoUg/gF7/Y2p4uO7G7KOlxFPjWhs79fbYSVrFwz+VvScJ8le4kjzyRzgY4lbr7Wir3s21963rZVXag34qfVxD5u5oJ/tOlnMU0MUXgQDY31TGddzgeVOs4aSZoJ13ZIXKV7hmJg+PKma6xGTuFWfJ4Md7StXHGvwCpeD9aCDm8cD5FVVHWitPf4QFD00ldEOTICbKQUfJAC7wkRGF1eOK4Y+WCpTLxhvBRh6MDi/i2SGfptu66Mbfqpt+nD6iaNy/ghQZAjyC2jOiK0FIs+Dq8kE1V2IwdnAD9/c1buuRuaBKYfoqM9slaa8Rc4g81LtO6AwXeyz1EvQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=vaisala.com; dmarc=pass action=none header.from=vaisala.com;
 dkim=pass header.d=vaisala.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vaisala.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=t9ztb8t43M+PTCxx+/ONjvFb0fgJ6cDaqq/tPYn44OQ=;
 b=IjJHVA5Ktl1kdMuHAS/nUqtooZxyxwPaiAQbRjhPK7xpkxSLId0Fk76nuSzG47SkNbYKd3LPAOiE6vnKIiybBPCC9QeHEtYLUu5s/JMA6/lYie1qMDzM6fD4OrT3KyCVjwNSeJL8t0cdFpk17Em4zSeKktlqRYDIi/w98brrpc/ixdvfhLLh98u3a+s6I0KXrRugBNEhpjeADXa9tj3qKld+7yAFEqzqJ2RA2rAWymb94+7a5iVbAqaFLVSiNVd3XDXn/qVJ3QSAO8nIxpXtEVLLt9/SM17FlzDjpHjAAhoiJQdIVDpYIzl3pRNxUhks7M1bB5/96d9VVK1gGRHzFg==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=vaisala.com;
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com (2603:10a6:20b:4e2::11)
 by VI1PR06MB8638.eurprd06.prod.outlook.com (2603:10a6:800:1da::10) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8746.30; Mon, 26 May
 2025 09:29:50 +0000
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc]) by AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc%6]) with mapi id 15.20.8769.022; Mon, 26 May 2025
 09:29:50 +0000
From: Niko Mauno <niko.mauno@vaisala.com>
To: openembedded-core@lists.openembedded.org
CC: Niko Mauno <niko.mauno@vaisala.com>
Subject: [PATCH 1/3] cve-exclusion_6.12.inc: Update using current cvelistV5
Date: Mon, 26 May 2025 09:29:25 +0000
Message-ID: <20250526092927.2588577-1-niko.mauno@vaisala.com>
X-Mailer: git-send-email 2.39.5
X-ClientProxiedBy: GV3PEPF00002BA5.SWEP280.PROD.OUTLOOK.COM
 (2603:10a6:144:1:0:6:0:1c) To AS4PR06MB8447.eurprd06.prod.outlook.com
 (2603:10a6:20b:4e2::11)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR06MB8447:EE_|VI1PR06MB8638:EE_
X-MS-Office365-Filtering-Correlation-Id: 8c2a9415-649a-4943-91be-08dd9c37dce7
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|376014|52116014|1800799024|366016|38350700014;
X-Microsoft-Antispam-Message-Info: 
 uLyS5l5D0BgEUxEVuMk06pyVgua+XzqdrHWIrM5BS3697xMJNrSZKZsj3hzwzaA1gJK+XWEvRF95+pXDQzh6f5L1j7KWmW3yZ0yyCxagePx7HkoqiZAWTlL1zPFuvvMKN7PfBjdm1w+2h1oDx9fdUnn0dKSOTqRklfCeL7b8RIzTkkz9rb58Q0HTUiEow4hoprahIxTSKYyzCbbm1KxvEj/qE1RLFV+Nsz+z/ZPHS3VwgGN9xhwLzaGYkGeBMu4K9C+UucI7aLvc8z4anFDUk1nSVb0os5obyRdtCSzSVGfohTpSoythqcKuZ80lRzm9pT/SmTDxNJRlS+Ql/XMJF/783aZV5E++wES8RPTeAq5JIjwj7le9/O8SvpakrFoszMWLOxDJIFIFdnVhWxJnzURPL6SLsM/YLz25sdNCNePBN4oz6MOX3uERQiEp1bZRwvElGFhz2ojScmyEAyTsj00VJGL1yX16Lh+wP6lx7AwDk7ptQQnZSdZqDMn9bOHQnF9cAKQQq7rhOiwBC6dAHPJHEo6Aks18b+S53KC/VZONvoMktcTRLaM/tqLmeykuy2rabJOKx2yKAA5kFHbzTaZ++4Bvm6+BLXlr68nvNNHNBj9LPPIXQllKR2TXzdOrOFxgeRVHdhrDg1e4imQGr8JicxNR4RDZ8DQ3XMxPHiLtLuEgj2upYFPMMBHa/4Jg63dWc6BcY5rhCY+rvooUe2QSbkKJ6BSTGiKpHDuWXCO8wp5xZrboCH4a1SGDq04fh9q4SrdqC3lFcvqDXnkoMYiphd8I5SL1EZZkXBlKRjenyFnJZCqkh/WjLLWo62so3FQHzqNhLz8vJl/KHslt9+G/aLGZPpJuTqa9YSH8ZJSLlUudGLCqgP5MNi9VxK1R8YTaiTaYF0ZMdYwmyBWETDl37paa5C7T3aeYUGOMeRj3dUYbpgFixpwbCo8M9N1/QIOxShCAGz1oF0RMYztXFBdiVOF9sXy04uLLj/N6f6RvZpbrEGPj1/ttjPraffTCGo6NLUR4tjnLJrvP7Dqogipw6qdNYXN9i05sWGmcQSlkezs2LkDMtBMQIMRkwtQNYphEsMdV5nYcm1ubZcX1ejp6pslqOsp+XkaPlgK3VTRya7ZnwssQw5AvjDhN6zYy9lpfBEKB0tjUJO1hKEQEy/BABtRvU3oEesQ1uLQJ5RYBqpBnWwx0Uyp7EHDBtDwAw4+Ki9H7Z66cztVpwlGey/3A3rBxPHS2LO44hpuCXsHAM4L6RCo7OjVpbwz7Wvy5AxL+MB3dSsTaZfJpQppOdgvWEUpuYrjJHf6Q4h3hBjYDzxKSk14hzCoQWP/5KH7+s0umi0jsfCz5ey+GMg9oakD89nrJFINO2G2zjK7cm0cjHpgSl+fGGnsh1uB0BtF+iAV+ab0twBIfNl6YObnnLk34p2p+2UO7n7DXJkzda9rhtI1hgQj4xyqm0PD9278Z6ojwYGqucehYEC9nRwg8lAJpRkstI/HCiOhrrMEHDiU=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR06MB8447.eurprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(52116014)(1800799024)(366016)(38350700014);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 /Y9CSRBbEf0oZxKD5YRGeXr9SAzeYuYdUbLyDWKgk/CG4J/8NHlwTYVG7F8uFUou3Y96RT+E8RpFua9vKFNHmIFmLmpHxo4Kf77zfxaz+GTf8J887dsRFgRUx46CLx12oVnpuo8Q2eiXdjUurLDnVb3Hr1cDPghq9+YGnO0Pd3xzrE+Wlx7HJhi3TBth7wnQRCalpxmCHdlOxVsAKknL/z4Ew24hHQymIexYd5YE8iPnlkfuLEOZlhNY7AdMglYm5iknznHtPlJCiJayMUhAAr2L9sX5G8MmqBpRlvCv+bwjZFQtkKUxM1/IzPKpb8LwsQiTYMaXE4pNS5DsvxcZw8Kd5gOxHurQwVg9adqkefw4kKGa92KqTlt5nEM3quNCth9JRkPy6lN8BGaROA4qopgPJNyHpQx0w+/FJw7BRId2jWHLkCI1icRn6KIT97YDTRrYsMnu63/b6KjwlzJFruRO1QRHXK/BtWN9g64OXinEXdBBR5muSDteCY9nqlbb9ElHezrDGY2KQnqCzYkmZioV58bxyx+vOzQzil3sDa97mRiMXI2SM12ZZBida0JsIVSi6HrWkMq76XKd3utAoWXMEgzlzJNFXJfCxoVz6p3GqW8yLd4IibIXHBl5AwVcWqQp/UReDNuanCwKJBfaM0OEWC9YyLHyMcs8uWdhiCW8AVGxEwdCw5zokVrxT29eKvZ2ERnwYwonYSi8/Daa/E0KjA03YxgMtw4HyrCxGCSTakagQIGZH2DuqMM3L1AIbD0O0/FdSBb20CvXL/Uw7tW1ngkJ4WEpMp30sfhMWBwYzc07jIJ5F7vk5gUYIZNdNlVN7sxXtr5mwsHyRN61iofmKz87BOGcw/Nao198hnM9NnhCkt9gxPbyD0aq/bsqsiJn8M3uCGH0u3Ajx2mLgWyokQIr+lhqZmHlryFWL5myxUP0i449OakjVLCi/MAMW/JZAG+0yct6cTp6UHjJjjhXgSChIhwkLyzQeNjSo025Knts2e+DEd86BHQ0kY9cBlDjeghj6q+qhQYcywuq94OeaXq7mviF3/xr2nr0nBkvDybW6PYKUPUWMUlJTzFU656UjCeH4puLteaT/oYkmElTBZjNBSiIcVikdl+N/ZAAKr65cPCNSEUiInuiXwAwgOhoxOUkk4FgU3yZbD8WuScna6Nf0MEN+dHvKuZ8P7/vwMh0Nzm557+CdPrKkyKJ2lwSIVatiSvjc66QIANCUfhUCvV/uazhxNYdZZdkDWJopyHsJIsKIh97+qpYMIC4Bcoqat9+pItOzciilR5qCCnYd0KFAJ9D5aNU7PM3Ptz7oF8uj5WOJuaZz+mP8eRSDQ9cX+5d+ForoN1QFhVWeRyHg9jlYCUcyBE70FG+MxWH151T+jNJ95IXKgfLyXSvfOMVNEhaZtPa6Maf9XYQjmvyNkQA1V37Snwmd9vWWyPa15SFXF6v2UUUi3vGXUatBibNRX0sVF/n108bQziRp+iarSB/SdqC8bDeIC8X+nB469FGlPB28dJtllK1TEC951DsKoyEvDa9F2jtr6lfGzk+vmpAZSMCCiOwExiUB//3kHgqcIyhEHQcu9Nh1Gygg8uGlmwENa7gWF0N1tnT4w==
X-OriginatorOrg: vaisala.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 8c2a9415-649a-4943-91be-08dd9c37dce7
X-MS-Exchange-CrossTenant-AuthSource: AS4PR06MB8447.eurprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2025 09:29:50.1617
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 6d7393e0-41f5-4c2e-9b12-4c2be5da5c57
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 OM6ynSE+QB49vWxo/GhoB75WbYrXBE/f2+Jann34pwfEFvOEkQ5MK99JUzYVc0hSW1XrHGoQoJ16hqxOTapPgg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR06MB8638
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 26 May 2025 09:30:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/217264

Regenerated with

 ./generate-cve-exclusions.py ~/cvelistV5/ 6.12.27 > cve-exclusion_6.12.inc

With ~/cvelistV5/ containing clone from
https://github.com/CVEProject/cvelistV5.git repository main branch at
git hash b20d0043711588b6409ae3118bc0510ab888c316.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
---
 .../linux/cve-exclusion_6.12.inc              | 226 ++++++++++++++++--
 1 file changed, 208 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 656d1f6898..49d8bfcf0c 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,6 +1,6 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-05-12 13:07:15.166162+00:00 for version 6.12.27
+# Generated at 2025-05-24 07:35:37.850677+00:00 for version 6.12.27
 
 python check_kernel_cve_status_version() {
     this_version = "6.12.27"
@@ -1956,7 +1956,7 @@ CVE_STATUS[CVE-2022-48840] = "fixed-version: Fixed from version 5.16.17"
 
 CVE_STATUS[CVE-2022-48841] = "fixed-version: Fixed from version 5.17"
 
-CVE_STATUS[CVE-2022-48842] = "fixed-version: Fixed from version 5.17"
+CVE_STATUS[CVE-2022-48842] = "fixed-version: Fixed from version 5.16.16"
 
 CVE_STATUS[CVE-2022-48843] = "fixed-version: Fixed from version 5.17"
 
@@ -2358,8 +2358,6 @@ CVE_STATUS[CVE-2022-49054] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49055] = "fixed-version: Fixed from version 5.18"
 
-CVE_STATUS[CVE-2022-49056] = "fixed-version: Fixed from version 5.17.4"
-
 CVE_STATUS[CVE-2022-49057] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49058] = "fixed-version: Fixed from version 5.18"
@@ -4078,8 +4076,6 @@ CVE_STATUS[CVE-2022-49931] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-49932] = "fixed-version: Fixed from version 6.3"
 
-CVE_STATUS[CVE-2022-49933] = "fixed-version: Fixed from version 6.3"
-
 # CVE-2023-34319 has no known resolution
 
 # CVE-2023-34324 has no known resolution
@@ -4564,7 +4560,7 @@ CVE_STATUS[CVE-2023-52731] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-52732] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2023-52733] = "fixed-version: Fixed from version 6.2"
+# CVE-2023-52733 has no known resolution
 
 CVE_STATUS[CVE-2023-52735] = "fixed-version: Fixed from version 6.2"
 
@@ -5284,6 +5280,8 @@ CVE_STATUS[CVE-2023-53144] = "fixed-version: Fixed from version 6.3"
 
 CVE_STATUS[CVE-2023-53145] = "fixed-version: Fixed from version 6.3"
 
+CVE_STATUS[CVE-2023-53146] = "fixed-version: Fixed from version 6.6"
+
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -11438,8 +11436,6 @@ CVE_STATUS[CVE-2025-21631] = "cpe-stable-backport: Backported in 6.12.10"
 
 CVE_STATUS[CVE-2025-21632] = "cpe-stable-backport: Backported in 6.12.10"
 
-CVE_STATUS[CVE-2025-21633] = "cpe-stable-backport: Backported in 6.12.10"
-
 CVE_STATUS[CVE-2025-21634] = "cpe-stable-backport: Backported in 6.12.10"
 
 CVE_STATUS[CVE-2025-21635] = "cpe-stable-backport: Backported in 6.12.10"
@@ -11544,8 +11540,6 @@ CVE_STATUS[CVE-2025-21684] = "cpe-stable-backport: Backported in 6.12.11"
 
 CVE_STATUS[CVE-2025-21685] = "cpe-stable-backport: Backported in 6.12.11"
 
-CVE_STATUS[CVE-2025-21686] = "cpe-stable-backport: Backported in 6.12.12"
-
 CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12"
 
 CVE_STATUS[CVE-2025-21688] = "fixed-version: only affects 6.13 onwards"
@@ -11836,8 +11830,6 @@ CVE_STATUS[CVE-2025-21835] = "cpe-stable-backport: Backported in 6.12.16"
 
 CVE_STATUS[CVE-2025-21836] = "cpe-stable-backport: Backported in 6.12.16"
 
-# CVE-2025-21837 needs backporting (fixed from 6.14)
-
 CVE_STATUS[CVE-2025-21838] = "cpe-stable-backport: Backported in 6.12.16"
 
 CVE_STATUS[CVE-2025-21839] = "cpe-stable-backport: Backported in 6.12.16"
@@ -12364,7 +12356,7 @@ CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards"
 
 # CVE-2025-22101 needs backporting (fixed from 6.15rc1)
 
-# CVE-2025-22102 needs backporting (fixed from 6.15rc1)
+# CVE-2025-22102 needs backporting (fixed from 6.12.30)
 
 # CVE-2025-22103 needs backporting (fixed from 6.15rc1)
 
@@ -12616,8 +12608,6 @@ CVE_STATUS[CVE-2025-37802] = "cpe-stable-backport: Backported in 6.12.26"
 
 # CVE-2025-37803 needs backporting (fixed from 6.15rc2)
 
-CVE_STATUS[CVE-2025-37804] = "cpe-stable-backport: Backported in 6.12.26"
-
 CVE_STATUS[CVE-2025-37805] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37806] = "cpe-stable-backport: Backported in 6.12.26"
@@ -12650,7 +12640,7 @@ CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26"
 
-# CVE-2025-37821 needs backporting (fixed from 6.15rc4)
+# CVE-2025-37821 needs backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26"
 
@@ -12766,7 +12756,7 @@ CVE_STATUS[CVE-2025-37878] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37879] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37880] = "cpe-stable-backport: Backported in 6.12.26"
+# CVE-2025-37880 needs backporting (fixed from 6.15rc1)
 
 CVE_STATUS[CVE-2025-37881] = "cpe-stable-backport: Backported in 6.12.26"
 
@@ -12786,10 +12776,210 @@ CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20"
 
+# CVE-2025-37890 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37891 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24"
+
 CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23"
 
+# CVE-2025-37894 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2025-37897 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-37899 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37900 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37901 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards"
+
+# CVE-2025-37903 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-37905 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37906 needs backporting (fixed from 6.15rc4)
+
+# CVE-2025-37907 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37908 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37909 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37910 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37911 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37912 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37913 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37914 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37915 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37916 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37917 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37918 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37919 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37920 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37921 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37922 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37923 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37924 needs backporting (fixed from 6.12.28)
+
 # CVE-2025-37925 needs backporting (fixed from 6.15rc1)
 
+# CVE-2025-37926 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37927 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37928 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.15rc1 onwards"
+
+# CVE-2025-37930 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37931 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37932 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37933 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37934 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37935 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37936 needs backporting (fixed from 6.12.28)
+
+CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23"
+
+CVE_STATUS[CVE-2025-37938] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37939] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-37940] = "cpe-stable-backport: Backported in 6.12.24"
+
+CVE_STATUS[CVE-2025-37941] = "cpe-stable-backport: Backported in 6.12.24"
+
+CVE_STATUS[CVE-2025-37942] = "cpe-stable-backport: Backported in 6.12.24"
+
+CVE_STATUS[CVE-2025-37943] = "cpe-stable-backport: Backported in 6.12.24"
+
+CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24"
+
+# CVE-2025-37946 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37947 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37948 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37949 needs backporting (fixed from 6.12.29)
+
+CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2025-37951 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37952 needs backporting (fixed from 6.12.29)
+
+CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards"
+
+# CVE-2025-37954 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37955 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37956 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37957 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37958 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37959 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37960 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37961 needs backporting (fixed from 6.12.29)
+
+CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.15rc1 onwards"
+
+# CVE-2025-37963 needs backporting (fixed from 6.12.29)
+
+CVE_STATUS[CVE-2025-37964] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-37965] = "fixed-version: only affects 6.15rc2 onwards"
+
+CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-37967 needs backporting (fixed from 6.12.30)
+
+# CVE-2025-37968 needs backporting (fixed from 6.12.30)
+
+# CVE-2025-37969 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37970 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37971 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37972 needs backporting (fixed from 6.12.29)
+
+# CVE-2025-37973 needs backporting (fixed from 6.12.29)
+
+CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
+
+# CVE-2025-37976 has no known resolution
+
+CVE_STATUS[CVE-2025-37977] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37978] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37979] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37980] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37981] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37982] = "cpe-stable-backport: Backported in 6.12.25"
+
+CVE_STATUS[CVE-2025-37983] = "cpe-stable-backport: Backported in 6.12.26"
+
+# CVE-2025-37984 needs backporting (fixed from 6.15rc1)
+
+CVE_STATUS[CVE-2025-37985] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37986] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37987] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26"
+
+CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26"
+
+# CVE-2025-37990 needs backporting (fixed from 6.12.28)
+
+# CVE-2025-37991 needs backporting (fixed from 6.12.28)
+
 CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-38104 needs backporting (fixed from 6.15rc1)

From patchwork Mon May 26 09:29:26 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Niko Mauno <niko.mauno@vaisala.com>
X-Patchwork-Id: 63670
Return-Path: <niko.mauno@vaisala.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DE024C5B542
	for <webhook@archiver.kernel.org>; Mon, 26 May 2025 09:30:00 +0000 (UTC)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com
 (EUR03-VI1-obe.outbound.protection.outlook.com [40.107.103.121])
 by mx.groups.io with SMTP id smtpd.web11.25323.1748251794650781148
 for <openembedded-core@lists.openembedded.org>;
 Mon, 26 May 2025 02:29:57 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="dkim: body hash did not verify" header.i=@vaisala.com
 header.s=selector1 header.b=Q92R0TOn;
 spf=permerror,
 err=parse error for token &{10 18 spf.protection.outlook.com}: limit exceeded
 (domain: vaisala.com, ip: 40.107.103.121, mailfrom: niko.mauno@vaisala.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=FFsCrnHJRK/4jhYgmt9i/C3eZsF+YpyinQsz4ck7sSKLS5AqA48eBieWz/S5yY49dK48cVNVPqJ6YzSOeXZAt0NL2HyQxYBGQZ6BWQX9kDTPKj8KNV1WhK4mW7kLkadU/QEssrEkNSvweq7+K0kMoCYL2IRe2rK1KL5BPJkwHG4zpP1CCnZSH8+KD1ged5Myus9LGTN1cf6l6w8IBP/kM73tn8073tX7tGbzHB+hYwgbmKpDkDdq2dgW+RSGtv5SbjdtrzvHl0Wkmudc2O2M4PeFmcuysd/H1oOoe1cAf8YQy9J6ARqmjTokvVCUlNp1sqe/bi2viCS8WETTla0aog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=oAD9w+H4EVoJ3X67uV3EWvlnE2yqXKx0uVc/q9ZahvI=;
 b=n9HlC/UsjYAWcccPKO45J4uf/+3WNthJJCNkoi9N5hVb0YEslLcEBQaMHSbd4ZmO3060IrZZ+633pu63zP9mpRaP8nI5niuclRdL1zqI2WodoxJmgef+gAN5WLHUrS/p1rXY51dKo3KOA+yeCK/J8+aa5KoH8UW9hNiuBdx4/NvMeo7tLpQlu1T3aEDJhCVC778UcMoHcbHIGC4M8KAXA3tpSUIbEcWfwLAAdCeIJHjZ4lWUwTvoU+0z+Rv6DmSUY4J1D2Y75Eo3qTn/DjPnB4aAMe+kESM7mU8KMHVUY/TZ+QWhn/8aHpQhUFyZX0l054ONqmjNamMEB7B006zIGw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=vaisala.com; dmarc=pass action=none header.from=vaisala.com;
 dkim=pass header.d=vaisala.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vaisala.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=oAD9w+H4EVoJ3X67uV3EWvlnE2yqXKx0uVc/q9ZahvI=;
 b=Q92R0TOnQ9cnZ8/J4+6RLdCbjpD9S8YyBwVRxo3f8VwZRY7KmEDEJZUaNSeERkmzWXG3j+QDw//MClGSqBY97xQAfczhLzhgd1ZQnpJZv7E/KQX3aiVcuSBpzAeEVPBnn73c+9hQ6ejlXlLgXCzUe0u9Sxk8kCN5qPqR6HCMpOMaN/XljZomwDAU88mx+kPiA9mg7IGpqbAibecHdwKL9jFDwkP4whQWc1bx6SpIawSDprHBT/h16Tp6QxebeomCdFOkmGJmGD5WnACzfjHU/p12v09HtIImpmBTPqNxKSIv/K/J3z+R+ibEE+bcy0GkGj0TM4e+GS/1/KRh7g8oKQ==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=vaisala.com;
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com (2603:10a6:20b:4e2::11)
 by AM8PR06MB6836.eurprd06.prod.outlook.com (2603:10a6:20b:1c7::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8769.24; Mon, 26 May
 2025 09:29:50 +0000
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc]) by AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc%6]) with mapi id 15.20.8769.022; Mon, 26 May 2025
 09:29:50 +0000
From: Niko Mauno <niko.mauno@vaisala.com>
To: openembedded-core@lists.openembedded.org
CC: Niko Mauno <niko.mauno@vaisala.com>
Subject: [PATCH 2/3] linux: cve-exclusions: Fix false negatives
Date: Mon, 26 May 2025 09:29:26 +0000
Message-ID: <20250526092927.2588577-2-niko.mauno@vaisala.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250526092927.2588577-1-niko.mauno@vaisala.com>
References: <20250526092927.2588577-1-niko.mauno@vaisala.com>
X-ClientProxiedBy: GV3PEPF00002BA5.SWEP280.PROD.OUTLOOK.COM
 (2603:10a6:144:1:0:6:0:1c) To AS4PR06MB8447.eurprd06.prod.outlook.com
 (2603:10a6:20b:4e2::11)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR06MB8447:EE_|AM8PR06MB6836:EE_
X-MS-Office365-Filtering-Correlation-Id: 137e926f-82ee-4d9e-be03-08dd9c37dd2e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|1800799024|366016|52116014|376014|38350700014;
X-Microsoft-Antispam-Message-Info: 
 gSGyIOY7BeLxCv6OvaO2v93ip4wpisb/ZMuf1J9nLuFiHbtQ7OUihA3Vmop7g9FVBNxDvr4qQ1IfR/6Rwqs+7MA77IAhzDrKKc5b/0QYqLUdIbQ4w75dT8DL/SN5VPOJSGXVVe5YqUXOrcKv05l+ynUtys/Tt5izjISHE/gRXfmCieSFvSJ648YwiKtXjPFjREuQRwgJ+Fch8Kplb+VZrPb0ucD46LMpq9DnTRP8xd7t5nZ/LP4czXEFWRuLPxcax7d1WHzVqmNAtCNFa9LR12TMXhh/maT+BDGKpbeRiLKl8Zr1NEnwpGa8lv7pBWkTRXmUR2/Ad+OzN+c5Lva1c/b941x5vUyetip4csAkm9/DW4Zt2ihfPrGXBusC3pJAjL6EsHZU0eAV3c1MD9PmaS+rZosnxXD5NaY9NjXhQKHreRsNyrhAqQwC2ojElvP4HjLxRswGs2jMgtHHak2QCAUwFns2wdvy2l5AGm3s+xo422WEn1BEpAbtxfIUggwDxXi+5Hf9E6+vZfx2yEIQLNfZU/nmPXFNiGKB0MFaKykpWikFW6EFwXOCtG1nds/qDU2TuUp6HG96zCRG61nFwqs9wjlqRPHvLO0S0PqqDnL82mNPF9sqUKZxn877VLq2PnpfwIE8hSYLUxXYTxo+/V6i6ZsU1542zU+RhHiFQVRZBr43xvDdmngVcm9a013canv5qg6P70PJ5FdA4VHTZDZhbN09xQBrpJv+NO+w++Ov5pKMY0mzYPQ40maM6WOPApen8RrLKq9joj6rHW+flWQTcNmoa3hS9LoBMHzTDa6riF+IX+/3xkbI1eiRiMs1P/xzO6B9jAXxE81McwtmJsSQIBcGVN26F+lmB6C3tL7Uig/wueLtQms51WP5aWgKDtkNpD3CU4+3GjaLbvkMHYCfleT7vK6lub/A3yUk+vqL5G1eAUc2HQL3S9/9Lge5svQCWGTUT4wJGLibAEiNoMyAwiFLg8QMoIM6camXs5njdbz0CQH5+8HTP1GP2Sxpps+aUTzc4EJ5YgnUmiJELQaqA4EGcSHDq9kEiMCgPEhewued5WxdiuwRSQZwWz0uPFonwyL27ny/rlORScY5G6iyDGzVh8Eh7kAiTm7nXotokTw72l1L6l5MLAAzypjIfnra8PCjP8hjht/0O/Y10mZ7An8v7pVOVnIAvTPdIPOPtP+8ducQt1w2OO6Tf/6SoWZsvBrv5g8UvU50jVzjjfm1ez6wtZoCJi0KWz2DcXqM/6pZrYTXkARDa5RoKhdqHLTpvvllMc7Lhlf4f1YkVDSDROgk5eutLL4SINTv7MW5B69aX4s5O4OeCvSUn/GjSPqIGfILZL4RZe4LG1bgAT65iaiUyZIiOOm/TrpCxRoAdapNZ7n1TR8Xe5e4cNMJCNxha1LsW+Bm/b6iZBCrwR56OwDDF4nwJ6kqxwWkscDb8+cgXav3IpIlsoJzR9r6Ls+9vm77Ys4YHu9kU0QPsEe1ptO9Nh+g6HmzVNQHdaI=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR06MB8447.eurprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(52116014)(376014)(38350700014);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 J45pA+Nk5DAXClBc/FCg9cQRmWp+ESDcXv05LYY2lxBUHiE9whs43dTpc6KBHy5ICUY6Mpif9PytkQh7bVzdhKSJ+ART+opwfamlZTP5up/fzLgdTUXZxdsoJBfRnbtPwdFyXENGaFeFdWQ8fqYvFvEiuQpAs7MAVlMjmUBiT1fp2TE4MYH4Gh6qD0FGuEVE4B0X6CdgFIS6Gs6M9Zyvv1H0OXJ76fr/NN7YMhMDb554NREWOeGMmvnYdHp3NqpT2Lpb2rv6J3mGnLXdMfo0qwGWOxZQQwiCvahvuUo0Kt/3tU/caZvX8V/86f1FSRZC9eHNfYW90y6q5Enr6QjJSDa58TqgdbMRxSoOGXUzOLu+auUmdPxuOyIeHj0Vsl4cD29MnRgAcVNCxgUqjgsyEsRUJZYaZiaokmYfZgzM9MQ81UESaMuEx7Kr420rRtHJiziL5xL8/j6CJp6orY5LWvWyrRnGFG8/UBTElHSn0ZpHO3X+Zmwyo2z9X6BDoyU4kzdadywTl5yEfr9TVmwPeg6jfSzHL+6XEiyCveMBEgiZdANnqm92321bqH3si69Q6PGcA3eDCpqjb1nQfSBHiCGXZcPwLsh0JDx7w64aRKXmqop2sr+HSGXpKnt86R/Mm1Gs+lXCSc7mcMEongkCyoApA/AvkUf59IB+RKo+57e30/+TDuSK8Nd9Lf4X86imbiYFfG6uKZHpi/WvpKh3fo+wCPZzIFE/hrPW4VUungjq+7a1atSDmGtleJY/bHAxlMCcNWiTSR/D6gl1Q+VPMgmG39U78F5xrPsjSS5Z35/OsRRS6hWcuxMKDlGrxMEqxUpXeR/XdQtEkTMIl1hQKdTuGmCPEukhsMuFZCVk6BVnFUecL7Eyqa16GQxKS8iObpyaKACEwrz66Nm7O5T6j2Wkf59McYHhBERBvx6dU87rDxAEcsIdnEBEspPaoFl4RUvnKHdVQ5mqgQ3F93BE5cAECDyfERqJnvj08lMvoB8mUo5TmU7GsmjpcndNmcm1pkl7iQ/YBoWqmFSi9vJgr3w5G/vdasu/HhjY9YgCQsJl8WGarHr3s5sg8rbClf+W3U6CMx6uhPGUojfNl0KhqsLBolQSv+X4VACLMNCOaY4moiWIt33dEN927gIjWIRDZOFpnmVexxYryD7vi6yqiDJVs8APWDMEI0AaZjIyci3dWp+DkY3MlI4farhdchbRIsYka54CLrLCXFcs7BWw8wHMUDFanw4xJH1tpeun6gBD6O417Z16Z7ZWd/bijqvCQtKxItgSrlOGwyhx1BKIyTfK7WDkFUafiyqaWd8vE3bwl5KHboQWb38y65gXwklJ6EbvJvIpq+JUkJEavBVRjmlDwtz0tYgmHNlz3qGiXYtZpCYbsPZLKEi5MkL52YuJep8SwEwAhWOObrfA0bG2YmTNcc42VGrxb68C1Z1jquAQIL6rTXiIpDm3Fn+TTYi3CpIOUVylueE2rCRdAce4RHow4Y1rzvH144EJgdENOLf76hdDuLgblQlCC3Yug6wVCT+yOfFG24nMMoF2khsjZpc2las/8kmwRTzIo3xKoiIf+Qju60shdXPeG4odbhLfk0VOeQ6armYM+2WEEayFMQ==
X-OriginatorOrg: vaisala.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 137e926f-82ee-4d9e-be03-08dd9c37dd2e
X-MS-Exchange-CrossTenant-AuthSource: AS4PR06MB8447.eurprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2025 09:29:50.6371
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 6d7393e0-41f5-4c2e-9b12-4c2be5da5c57
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 RhFBQmVezzaAciU7o266nNCeLtvKDXZ4bTkDdaAPM0fPa+pVLwVnyDLjxzyK+zY7AOCH7yOvya8lj4T73qnPhQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR06MB6836
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 26 May 2025 09:30:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/217265

Amend the generate-cve-exclusions.py checking logic in part of the code
responsible for iterating the "affected" defaultStatus part of the JSON
structure in order to mitigate occurrences of false negatives in the
generated output, as well as occurrences of wrong reason for negative
result in case where the reason is actually that the checked kernel
version is in backport fix scope.

In tandem we regenerate the content of cve-exclusion_6.12.inc using
https://github.com/CVEProject/cvelistV5.git repository main branch at
git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content
in sync with the script.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
---
 .../linux/cve-exclusion_6.12.inc              | 70 +++++++++----------
 .../linux/generate-cve-exclusions.py          |  4 +-
 2 files changed, 38 insertions(+), 36 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 49d8bfcf0c..c03ad19a3d 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,6 +1,6 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-05-24 07:35:37.850677+00:00 for version 6.12.27
+# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27
 
 python check_kernel_cve_status_version() {
     this_version = "6.12.27"
@@ -11234,7 +11234,7 @@ CVE_STATUS[CVE-2024-57975] = "cpe-stable-backport: Backported in 6.12.13"
 
 CVE_STATUS[CVE-2024-57977] = "cpe-stable-backport: Backported in 6.12.13"
 
-CVE_STATUS[CVE-2024-57978] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2024-57978] = "cpe-stable-backport: Backported in 6.12.13"
 
 CVE_STATUS[CVE-2024-57979] = "cpe-stable-backport: Backported in 6.12.13"
 
@@ -11296,7 +11296,7 @@ CVE_STATUS[CVE-2024-58007] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2024-58008] = "cpe-stable-backport: Backported in 6.12.14"
 
-CVE_STATUS[CVE-2024-58009] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2024-58009] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2024-58010] = "cpe-stable-backport: Backported in 6.12.14"
 
@@ -11542,7 +11542,7 @@ CVE_STATUS[CVE-2025-21685] = "cpe-stable-backport: Backported in 6.12.11"
 
 CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12"
 
-CVE_STATUS[CVE-2025-21688] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21688] = "cpe-stable-backport: Backported in 6.12.12"
 
 CVE_STATUS[CVE-2025-21689] = "cpe-stable-backport: Backported in 6.12.12"
 
@@ -11570,7 +11570,7 @@ CVE_STATUS[CVE-2025-21701] = "cpe-stable-backport: Backported in 6.12.13"
 
 CVE_STATUS[CVE-2025-21702] = "cpe-stable-backport: Backported in 6.12.14"
 
-CVE_STATUS[CVE-2025-21703] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21703] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2025-21704] = "cpe-stable-backport: Backported in 6.12.16"
 
@@ -11784,7 +11784,7 @@ CVE_STATUS[CVE-2025-21811] = "cpe-stable-backport: Backported in 6.12.13"
 
 CVE_STATUS[CVE-2025-21812] = "cpe-stable-backport: Backported in 6.12.13"
 
-CVE_STATUS[CVE-2025-21813] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21813] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2025-21814] = "cpe-stable-backport: Backported in 6.12.14"
 
@@ -11794,7 +11794,7 @@ CVE_STATUS[CVE-2025-21816] = "cpe-stable-backport: Backported in 6.12.14"
 
 # CVE-2025-21817 needs backporting (fixed from 6.14)
 
-CVE_STATUS[CVE-2025-21819] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21819] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2025-21820] = "cpe-stable-backport: Backported in 6.12.14"
 
@@ -11884,7 +11884,7 @@ CVE_STATUS[CVE-2025-21863] = "cpe-stable-backport: Backported in 6.12.17"
 
 CVE_STATUS[CVE-2025-21864] = "cpe-stable-backport: Backported in 6.12.17"
 
-CVE_STATUS[CVE-2025-21865] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21865] = "cpe-stable-backport: Backported in 6.12.17"
 
 CVE_STATUS[CVE-2025-21866] = "cpe-stable-backport: Backported in 6.12.17"
 
@@ -11958,7 +11958,7 @@ CVE_STATUS[CVE-2025-21900] = "cpe-stable-backport: Backported in 6.12.18"
 
 CVE_STATUS[CVE-2025-21901] = "cpe-stable-backport: Backported in 6.12.18"
 
-CVE_STATUS[CVE-2025-21902] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-21902] = "cpe-stable-backport: Backported in 6.12.19"
 
 CVE_STATUS[CVE-2025-21903] = "cpe-stable-backport: Backported in 6.12.19"
 
@@ -12212,11 +12212,11 @@ CVE_STATUS[CVE-2025-22027] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-22030] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards"
 
-CVE_STATUS[CVE-2025-22032] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-22032] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22033] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12246,9 +12246,9 @@ CVE_STATUS[CVE-2025-22045] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22046] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-22047] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-22047] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-22048] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-22048] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22049] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12300,13 +12300,13 @@ CVE_STATUS[CVE-2025-22072] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22073] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-22074] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-22074] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22075] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22076] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-22077] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-22077] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-22078] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12338,7 +12338,7 @@ CVE_STATUS[CVE-2025-22091] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22092] = "fixed-version: only affects 6.13 onwards"
 
-CVE_STATUS[CVE-2025-22093] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-22093] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-22094] = "fixed-version: only affects 6.13 onwards"
 
@@ -12392,7 +12392,7 @@ CVE_STATUS[CVE-2025-22118] = "fixed-version: only affects 6.13 onwards"
 
 CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards"
 
-CVE_STATUS[CVE-2025-22120] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26"
 
 # CVE-2025-22121 needs backporting (fixed from 6.15rc1)
 
@@ -12506,7 +12506,7 @@ CVE_STATUS[CVE-2025-37750] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards"
 
-CVE_STATUS[CVE-2025-37752] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-37752] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards"
 
@@ -12522,7 +12522,7 @@ CVE_STATUS[CVE-2025-37758] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37759] = "cpe-stable-backport: Backported in 6.12.24"
 
-CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-37760] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37761] = "cpe-stable-backport: Backported in 6.12.25"
 
@@ -12570,7 +12570,7 @@ CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards"
 
-CVE_STATUS[CVE-2025-37784] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37785] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12620,15 +12620,15 @@ CVE_STATUS[CVE-2025-37809] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37810] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37811] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-37811] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37813] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-37813] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-37814] = "cpe-stable-backport: Backported in 6.12.26"
 
-CVE_STATUS[CVE-2025-37815] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-37815] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37816] = "cpe-stable-backport: Backported in 6.12.26"
 
@@ -12686,7 +12686,7 @@ CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.12.24"
 
-CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-37845] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37846] = "cpe-stable-backport: Backported in 6.12.24"
 
@@ -12732,13 +12732,13 @@ CVE_STATUS[CVE-2025-37866] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.12.25"
 
-CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-37868] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37869] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37870] = "cpe-stable-backport: Backported in 6.12.25"
 
-CVE_STATUS[CVE-2025-37871] = "fixed-version: only affects 6.15rc1 onwards"
+CVE_STATUS[CVE-2025-37871] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37872] = "cpe-stable-backport: Backported in 6.12.25"
 
@@ -12786,7 +12786,7 @@ CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-37894 needs backporting (fixed from 6.12.28)
 
-CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.13 onwards"
+# CVE-2025-37895 needs backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards"
 
@@ -12854,7 +12854,7 @@ CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards"
 
 # CVE-2025-37928 needs backporting (fixed from 6.12.28)
 
-CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.15rc1 onwards"
+# CVE-2025-37929 needs backporting (fixed from 6.12.28)
 
 # CVE-2025-37930 needs backporting (fixed from 6.12.28)
 
@@ -12902,7 +12902,7 @@ CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards"
 
 # CVE-2025-37952 needs backporting (fixed from 6.12.29)
 
-CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards"
+# CVE-2025-37953 needs backporting (fixed from 6.12.29)
 
 # CVE-2025-37954 needs backporting (fixed from 6.12.29)
 
@@ -12920,13 +12920,13 @@ CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards"
 
 # CVE-2025-37961 needs backporting (fixed from 6.12.29)
 
-CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.15rc1 onwards"
+# CVE-2025-37962 needs backporting (fixed from 6.12.29)
 
 # CVE-2025-37963 needs backporting (fixed from 6.12.29)
 
-CVE_STATUS[CVE-2025-37964] = "fixed-version: only affects 6.14 onwards"
+# CVE-2025-37964 needs backporting (fixed from 6.12.29)
 
-CVE_STATUS[CVE-2025-37965] = "fixed-version: only affects 6.15rc2 onwards"
+# CVE-2025-37965 needs backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
 
@@ -12944,7 +12944,7 @@ CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
 
 # CVE-2025-37973 needs backporting (fixed from 6.12.29)
 
-CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.13 onwards"
+# CVE-2025-37974 needs backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
 
@@ -12998,7 +12998,7 @@ CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23"
 
-CVE_STATUS[CVE-2025-39735] = "fixed-version: only affects 6.13 onwards"
+CVE_STATUS[CVE-2025-39735] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-39755] = "fixed-version: only affects 6.13 onwards"
 
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index 302ec8ebc9..ea59c15a01 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -42,9 +42,11 @@ def get_fixed_versions(cve_info, base_version):
         if affected["defaultStatus"] == "affected":
             for version in affected["versions"]:
                 v = Version(version["version"])
-                if v == 0:
+                if v == Version('0'):
                     #Skiping non-affected
                     continue
+                if version["status"] == "unaffected" and first_affected and v < first_affected:
+                    first_affected = Version(f"{v.major}.{v.minor}")
                 if version["status"] == "affected" and not first_affected:
                     first_affected = v
                 elif (version["status"] == "unaffected" and

From patchwork Mon May 26 09:29:27 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Niko Mauno <niko.mauno@vaisala.com>
X-Patchwork-Id: 63669
Return-Path: <niko.mauno@vaisala.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D8D91C54FB3
	for <webhook@archiver.kernel.org>; Mon, 26 May 2025 09:30:00 +0000 (UTC)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com
 (EUR03-VI1-obe.outbound.protection.outlook.com [40.107.103.121])
 by mx.groups.io with SMTP id smtpd.web11.25323.1748251794650781148
 for <openembedded-core@lists.openembedded.org>;
 Mon, 26 May 2025 02:29:56 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="dkim: body hash did not verify" header.i=@vaisala.com
 header.s=selector1 header.b=Xb9GXIff;
 spf=permerror,
 err=parse error for token &{10 18 spf.protection.outlook.com}: limit exceeded
 (domain: vaisala.com, ip: 40.107.103.121, mailfrom: niko.mauno@vaisala.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=Lnfmnn8EAminXbACmxR8oY3tSMLZWyPlBszAR4UVFwUK5R11hTxWNB+S4wo1za5x/gAEIGxsRdj1DmMxJKevc5RIWuhW4dOSQtfAeIeDq4TxDOxVFHXmgjoncIeTHfAWJSEJuw+ZQfGHvnfcI0tH2CVc2sDIMhwiD6/GN9+tfe9s1tRDyzqE3yQGbo+aQ2IW8nJ0HYy38MVaf+cf/64oppCnj0VJ7NCxzIpFmDYkMOaQSM3x/QamaTUsYAAJoDNiegS6hbsv8CjSJ2dXpQIxw9ide6b4R8Wgo4V4APuVFwxzTqPTzB2D1d5uSHQHys8b2asC2mT2HW1FGl0YQaxucg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=2ZpbgWo/SofcUv2xTfx/aHTZS9qXysn42KE3qVk8agU=;
 b=VzaGtHjvndYqSSdiGTyiFX3catEzbdjOCCSnWSOAVXB/7pbZQXBgNWKsMkg9PzAJTrY28GbD8pRNnG2N6pOBFt+uuKwi2Q3abkBj1gwGL8L2/d6/aJKiqpMJFpqwY4d4YyFt0EGKdokP0BzwjU7uqxgGJwsw+pgPFukvCpp2sbmUfkuWb60V7rr+44wWLYXPVkx5XYRUtVum4EYqri9612bD+40X6LvHnABGhVk7Umfgp2GGBwl4ijASTdVOHtgixuYN9/jQ8LKXCEiF5cFUdxBrdbyN1qEyId5NOwRLVKGXkPxddR/0t/ihtRULKcFAWUg7UrhCv+6X2jZVbFsPQw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=vaisala.com; dmarc=pass action=none header.from=vaisala.com;
 dkim=pass header.d=vaisala.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vaisala.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=2ZpbgWo/SofcUv2xTfx/aHTZS9qXysn42KE3qVk8agU=;
 b=Xb9GXIffe864vSsrWxIfnbtH+ElGyMOO8nOJ73agS/0KUE4oMFXj4Shc+Tl9E5C4wmC5FPQFxWQkJ/wE6iC5xtuQjf+mTY6WL+gQyDB/WQ+YGmr6mDBQyVB6PKgHYMURsn3gTEvrIDgB3rLQV02eHnUlaF+q1trKuaMnhG1Y1LTp3/2JzPEUXfS3Htgn9RJX17EXfstStX+01nRoavqPPlcZzUAp2xmPAi8q0yWIuWr8K0NGMvwuEDTMfCC2Ihmo5l6YPQedWX36F4vjtB7lkCjKQwIsu+i49L+Ge2kTTdaW9YORBjrhs4UwuPmC3fK/ohEcIMWfIRpddwJj2o5Ssw==
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=vaisala.com;
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com (2603:10a6:20b:4e2::11)
 by AM8PR06MB6836.eurprd06.prod.outlook.com (2603:10a6:20b:1c7::6) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8769.24; Mon, 26 May
 2025 09:29:51 +0000
Received: from AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc]) by AS4PR06MB8447.eurprd06.prod.outlook.com
 ([fe80::af93:b150:b886:b2bc%6]) with mapi id 15.20.8769.022; Mon, 26 May 2025
 09:29:51 +0000
From: Niko Mauno <niko.mauno@vaisala.com>
To: openembedded-core@lists.openembedded.org
CC: Niko Mauno <niko.mauno@vaisala.com>
Subject: [PATCH 3/3] linux: cve-exclusions: Amend terminology
Date: Mon, 26 May 2025 09:29:27 +0000
Message-ID: <20250526092927.2588577-3-niko.mauno@vaisala.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250526092927.2588577-1-niko.mauno@vaisala.com>
References: <20250526092927.2588577-1-niko.mauno@vaisala.com>
X-ClientProxiedBy: GV3PEPF00002BA5.SWEP280.PROD.OUTLOOK.COM
 (2603:10a6:144:1:0:6:0:1c) To AS4PR06MB8447.eurprd06.prod.outlook.com
 (2603:10a6:20b:4e2::11)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS4PR06MB8447:EE_|AM8PR06MB6836:EE_
X-MS-Office365-Filtering-Correlation-Id: 3100a2dc-9adf-4167-2d4d-08dd9c37dd7b
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: 
	BCL:0;ARA:13230040|1800799024|366016|52116014|376014|38350700014;
X-Microsoft-Antispam-Message-Info: 
 6TuKMSNzk1+Mky5tsOv+CQiV/qvGkfvN1Op1+o7GJzDSzW7EdiWEkr0c+GNeeGakq7TcVmg1Aiu3vcSsP7GMJYKqc4aWIRnilMdD+3IzrsY5vageavt13vxQZm7bCswbp6fw2aXzYe9IqISBKrzwBA0Dr1TsnsJ3HAqbNs0MOf/M5Pkf5OnCdhXF1cg31Y0k1YMYzNRBAcjPkJ9mdvLXkboNdT+N2huB475iCTW/Ln4vc/yQvStHgCalP//shha0Nq+FkL+3eLaWHrtFxXmxxJqFRfRzIwzmHTTqzDJKuxdvZgJOhrtLAUECQE3zyydd01AlWhIMPafjaNop0ipxjtKVW4hSdYqmlH+QbtWK/eE8v6uo4uKac6Vw3+Ab6Ibu3kRnTnL0iCRcj87JnHmbJsLJR2tpiXeQWn0OP0O3QczIsL8+QMEtbE3i8aY0AQrxQg+PeqyHOgzT9X1MShm+EJtUYV8qsWPstatH6wdhg0RfCaxdsuVJMRkkPGBF2gOQCoFltvfr3RqBgIyV7GS+YqcL4rbAR3SpTLGvbUsTDKw77ujptPloDyjBnDiKC6v0vBoliavGIsBBDMdIXndE4KuxKXkVv6wfcLpcYRGk/iX5w34XkFRKPhc0TQ3vpDOtAgOWajgFqypmyPYgA6/PuRSNZl5K7Wk5PtcGZQ8JY1k2P3k9fiT6Ty7JSFFU/dRavbE2SdgiO8nC1RK8BCIv6zhVSM8XAOzJ459gAiDmquz7YhBMo/Qht0rNQZABv5gFZW1r2MMdZJWoKem3PIVMJnbYNheKGPDBoVZE6BsTYpYTind78+R1/icMgNDom7B29qhzaKhckqzkNa0eGBememBmANwVpDom6Qs9OX/seeeQ10h2O71jq36Bse9naY+IU+eX4rTIb3+S8tvFCJ7BOUEKzFu8h070kL6fG9DNTq8EtFShdxQSDRhM0tcdgIkz4VDp07EBfxBlo8wex6lPKuSi9xZw2CyXqTCkEr8tBcIZKSk17TsBBv0xsyQo2EpDdbY7wjJXfCmiWuXSfyvCO+FhYjnAR5ecEiShWohUUZEmMz93aGTxlrupSXzBgtgjD3DdazQ/4U31HxU0WI6lxxfMAiZcuJkmR54/KIv88sMrgzy9ipjTisJPd6Ntvj3igka0VWp3g/jylKJ9DuZvqI54EIQcTxguvfKjaI5KYwzO5RuVjSP9e70zi6dbCiUODy/rspBxOij/STyTOgciR28SD+4cTvhRvlecBoR+uifVQ+d8KintadZ3oCW7XPvLarawlp0r+2c65T4HGwq8IMZOMbeUg8Pfn3YjaFUX3rmYgWQMkWMGApQvcI3r4N0dYZwrJhAqXEQE2nXIwmQPkVV6SwVR9ZKRx15abBCwOVBAa1WjuqSKcLC3PDvsVan2+KImvrvWO5lqO9RpsYCN97aKd8twJxpL+7RaTGAhYY8V02dhXiMRFxRnAN6kq0r+7T1vGFlxz6NEyqrUl4CcHhxKA7EZjs+5T3/N/uOT41E=
X-Forefront-Antispam-Report: 
	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS4PR06MB8447.eurprd06.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(52116014)(376014)(38350700014);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 1KdZsN0Ux4duu7yyH++n64ngwTDIK2k74HY2M/axgYj8U2aFwIQFUjdZ1IApD3/vs3Rb3y+GxLpcV0BNDGkqHwtWYVn+IWliBrZxwO4bf+WjpwVREBpox0uN6IB/zLiHWtPKiGXTz31BwOLdFSGX00GC1vdKQAnS3ocSdCBTFQui/jxjZORSqI2eh3Es9/4OwqRbUWhe3/6SYUnx6RiclPgE+XCz2oxSa8qfsmRooR2rS58M9+tADTAyQa/HkHyb5RnbI5V1KgS06qsgsInA/xHHo2W+YehBvGJAIWbZkd+kFLgDlQAqSm+gOwSFYW9KR8zTlccNUNnXyJtKyNCVy9yBEJ0JhKgm4zy4RWjs3jL5bUWZ2dQJkJZy1ArU081yJNTjPHlPrC91pjG6d5zV9uDyV0LoEGNU3PbdJQBDniOMEzFKTN6rPNRF0FcQDCJzxo/TvW8BCKGtz5cN/N43kYL6glA/66K4m5qdsBuQ2IJLtjhvRyn7mRhBE/ojLNDgF+DExRSOYE496cEeYG8RGLLVj3hKDgNsf2D8ZR7YlcSzWOF3S4Wg77pyC7JU4RlrKJNMva7rtHKOrDNVPds/T4qNclBea22U3HWIr9JPbuitDldnuy9Aa5+X6wVEpacsJ+5HDB9AHtlN/7IINIjRN5YSVU7zaaCVwtMcFnEB0TwGfJBUV/WTqQHBV97UsAps4LCxsmv9h8VOruYV7KIjlL7u35K739T5CXAZKtd+GQ7kVY2cFcoiH3CjBoyK/Yr25g4DGpvmx25TyKthLl1VYLtVmxiv0VpiYR8c/0DFJXOhmo8TEq5MQctf2ZVOXKqHxfduRDvSj6fgoywk1iRUAaJNog6gc/WdI21YrNvPFb/3KQaCLBtUpeBRdA1eXpG8vAsCfrEpXub3ceW+23aCz7H2DegIuit7GapvCPSK8Pf5DfwQ/FMHe1XB/Ni4ggnfOBwZ0n/yvJ0j8wRstssAZ+vrecpombex9LOXccp31Vg3Kmv3RnCwa+qepyygRFSwOUV0gKKEgN8Y8xh6F6D3slNKZQfVnYjERg9e1XLr+C71JtFY0yV61h/19IUipGlMW/0500E6Wr855M0Nj/yN6Vqt6ghXUJCJNJhmrxKznItcF4eWhvuHRvFzDpspSd2adJqq3HZZ+ecmtLX5+hMGJwbFmV5/2X8TsG6H0BKGFEM/fJFBiDR85HU/HEYqmPmLF7SHTqli8Y36Q7M9wHIkRJJJXlM04OeBbxC43CtxygT5xvWlN/AfDmU3Y/alynJDwu1QLwo5JJ85o3KcynB9stHvcZ5RZ0Gp0vSCZfI8cCAnlk1ADbJVtoA88j5yJbzk99+3xpOs7CJpqy7viMaNlvBhvLEz86Co+mBfD+ayUUwlKJpD+7Y0b3Dob12zkapRt5DgkLBP5+aJvWQTMTKnVK/feZaiVNRSkRcqmr7JWwSVuCOSGxEWo/TBOS6Xjf1FYuZe9G2XFyDht6r+12y0a5vsE27T4BD8v4gqTD3AbvX+MtK+Ttvr5jQlE0K2EI2n4xD8zNdFjD6UPgv5g3HBF3pv62ZYhxuJWVgAuGQFfWdE1P9cNIskOIY9MYPgNQDY4KUXWk42qVJ6lI2CBUM2aw==
X-OriginatorOrg: vaisala.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3100a2dc-9adf-4167-2d4d-08dd9c37dd7b
X-MS-Exchange-CrossTenant-AuthSource: AS4PR06MB8447.eurprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 May 2025 09:29:51.1573
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 6d7393e0-41f5-4c2e-9b12-4c2be5da5c57
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 yyx0tyt++7lWnGP/U3dixW9aVP7quDvIov9yMmFVGv3F0mMVNaWsc1ZB8RwvsYpPkcmJXnPLI8S4WBT6jhQ/uQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8PR06MB6836
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 26 May 2025 09:30:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/217263

Replace the term 'needs backporting' with 'may need backporting' in
generate-cve-exclusions.py when the checked kernel version may or may
not be in the vulnerable version range, thus making backporting
necessary only in the former case.

In tandem we regenerate the content of cve-exclusion_6.12.inc using
https://github.com/CVEProject/cvelistV5.git repository main branch at
git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content
in sync with the script.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
---
 .../linux/cve-exclusion_6.12.inc              | 142 +++++++++---------
 .../linux/generate-cve-exclusions.py          |   2 +-
 2 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index c03ad19a3d..120b1b5ef7 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,6 +1,6 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27
+# Generated at 2025-05-24 12:18:11.126849+00:00 for version 6.12.27
 
 python check_kernel_cve_status_version() {
     this_version = "6.12.27"
@@ -12356,7 +12356,7 @@ CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards"
 
 # CVE-2025-22101 needs backporting (fixed from 6.15rc1)
 
-# CVE-2025-22102 needs backporting (fixed from 6.12.30)
+# CVE-2025-22102 may need backporting (fixed from 6.12.30)
 
 # CVE-2025-22103 needs backporting (fixed from 6.15rc1)
 
@@ -12640,7 +12640,7 @@ CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26"
 
-# CVE-2025-37821 needs backporting (fixed from 6.12.29)
+# CVE-2025-37821 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26"
 
@@ -12776,99 +12776,99 @@ CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20"
 
-# CVE-2025-37890 needs backporting (fixed from 6.12.28)
+# CVE-2025-37890 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37891 needs backporting (fixed from 6.12.28)
+# CVE-2025-37891 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23"
 
-# CVE-2025-37894 needs backporting (fixed from 6.12.28)
+# CVE-2025-37894 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37895 needs backporting (fixed from 6.12.28)
+# CVE-2025-37895 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-37897 needs backporting (fixed from 6.12.28)
+# CVE-2025-37897 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37899 needs backporting (fixed from 6.12.28)
+# CVE-2025-37899 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37900 needs backporting (fixed from 6.12.28)
+# CVE-2025-37900 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37901 needs backporting (fixed from 6.12.28)
+# CVE-2025-37901 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards"
 
-# CVE-2025-37903 needs backporting (fixed from 6.12.28)
+# CVE-2025-37903 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37905 needs backporting (fixed from 6.12.28)
+# CVE-2025-37905 may need backporting (fixed from 6.12.28)
 
 # CVE-2025-37906 needs backporting (fixed from 6.15rc4)
 
-# CVE-2025-37907 needs backporting (fixed from 6.12.28)
+# CVE-2025-37907 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37908 needs backporting (fixed from 6.12.28)
+# CVE-2025-37908 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37909 needs backporting (fixed from 6.12.28)
+# CVE-2025-37909 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37910 needs backporting (fixed from 6.12.28)
+# CVE-2025-37910 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37911 needs backporting (fixed from 6.12.28)
+# CVE-2025-37911 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37912 needs backporting (fixed from 6.12.28)
+# CVE-2025-37912 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37913 needs backporting (fixed from 6.12.28)
+# CVE-2025-37913 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37914 needs backporting (fixed from 6.12.28)
+# CVE-2025-37914 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37915 needs backporting (fixed from 6.12.28)
+# CVE-2025-37915 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37916 needs backporting (fixed from 6.12.28)
+# CVE-2025-37916 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37917 needs backporting (fixed from 6.12.28)
+# CVE-2025-37917 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37918 needs backporting (fixed from 6.12.28)
+# CVE-2025-37918 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37919 needs backporting (fixed from 6.12.28)
+# CVE-2025-37919 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37920 needs backporting (fixed from 6.12.28)
+# CVE-2025-37920 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37921 needs backporting (fixed from 6.12.28)
+# CVE-2025-37921 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37922 needs backporting (fixed from 6.12.28)
+# CVE-2025-37922 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37923 needs backporting (fixed from 6.12.28)
+# CVE-2025-37923 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37924 needs backporting (fixed from 6.12.28)
+# CVE-2025-37924 may need backporting (fixed from 6.12.28)
 
 # CVE-2025-37925 needs backporting (fixed from 6.15rc1)
 
-# CVE-2025-37926 needs backporting (fixed from 6.12.28)
+# CVE-2025-37926 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37927 needs backporting (fixed from 6.12.28)
+# CVE-2025-37927 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37928 needs backporting (fixed from 6.12.28)
+# CVE-2025-37928 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37929 needs backporting (fixed from 6.12.28)
+# CVE-2025-37929 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37930 needs backporting (fixed from 6.12.28)
+# CVE-2025-37930 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37931 needs backporting (fixed from 6.12.28)
+# CVE-2025-37931 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37932 needs backporting (fixed from 6.12.28)
+# CVE-2025-37932 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37933 needs backporting (fixed from 6.12.28)
+# CVE-2025-37933 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37934 needs backporting (fixed from 6.12.28)
+# CVE-2025-37934 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37935 needs backporting (fixed from 6.12.28)
+# CVE-2025-37935 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37936 needs backporting (fixed from 6.12.28)
+# CVE-2025-37936 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12888,63 +12888,63 @@ CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24"
 
-# CVE-2025-37946 needs backporting (fixed from 6.12.29)
+# CVE-2025-37946 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37947 needs backporting (fixed from 6.12.29)
+# CVE-2025-37947 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37948 needs backporting (fixed from 6.12.29)
+# CVE-2025-37948 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37949 needs backporting (fixed from 6.12.29)
+# CVE-2025-37949 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-37951 needs backporting (fixed from 6.12.29)
+# CVE-2025-37951 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37952 needs backporting (fixed from 6.12.29)
+# CVE-2025-37952 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37953 needs backporting (fixed from 6.12.29)
+# CVE-2025-37953 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37954 needs backporting (fixed from 6.12.29)
+# CVE-2025-37954 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37955 needs backporting (fixed from 6.12.29)
+# CVE-2025-37955 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37956 needs backporting (fixed from 6.12.29)
+# CVE-2025-37956 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37957 needs backporting (fixed from 6.12.29)
+# CVE-2025-37957 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37958 needs backporting (fixed from 6.12.29)
+# CVE-2025-37958 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37959 needs backporting (fixed from 6.12.29)
+# CVE-2025-37959 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37960 needs backporting (fixed from 6.12.29)
+# CVE-2025-37960 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37961 needs backporting (fixed from 6.12.29)
+# CVE-2025-37961 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37962 needs backporting (fixed from 6.12.29)
+# CVE-2025-37962 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37963 needs backporting (fixed from 6.12.29)
+# CVE-2025-37963 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37964 needs backporting (fixed from 6.12.29)
+# CVE-2025-37964 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37965 needs backporting (fixed from 6.12.29)
+# CVE-2025-37965 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-37967 needs backporting (fixed from 6.12.30)
+# CVE-2025-37967 may need backporting (fixed from 6.12.30)
 
-# CVE-2025-37968 needs backporting (fixed from 6.12.30)
+# CVE-2025-37968 may need backporting (fixed from 6.12.30)
 
-# CVE-2025-37969 needs backporting (fixed from 6.12.29)
+# CVE-2025-37969 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37970 needs backporting (fixed from 6.12.29)
+# CVE-2025-37970 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37971 needs backporting (fixed from 6.12.29)
+# CVE-2025-37971 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37972 needs backporting (fixed from 6.12.29)
+# CVE-2025-37972 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37973 needs backporting (fixed from 6.12.29)
+# CVE-2025-37973 may need backporting (fixed from 6.12.29)
 
-# CVE-2025-37974 needs backporting (fixed from 6.12.29)
+# CVE-2025-37974 may need backporting (fixed from 6.12.29)
 
 CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
 
@@ -12976,9 +12976,9 @@ CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26"
 
-# CVE-2025-37990 needs backporting (fixed from 6.12.28)
+# CVE-2025-37990 may need backporting (fixed from 6.12.28)
 
-# CVE-2025-37991 needs backporting (fixed from 6.12.28)
+# CVE-2025-37991 may need backporting (fixed from 6.12.28)
 
 CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23"
 
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index ea59c15a01..b45c2d5702 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -141,7 +141,7 @@ do_cve_check[prefuncs] += "check_kernel_cve_status_version"
                         f'CVE_STATUS[{cve}] = "cpe-stable-backport: Backported in {backport_ver}"'
                     )
                 else:
-                    print(f"# {cve} needs backporting (fixed from {backport_ver})")
+                    print(f"# {cve} may need backporting (fixed from {backport_ver})")
             else:
                 print(f"# {cve} needs backporting (fixed from {fixed})")