From patchwork Wed Jul 2 03:11:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66063 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D060FC8303D for ; Wed, 2 Jul 2025 03:12:20 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.15019.1751425939014142367 for ; Tue, 01 Jul 2025 20:12:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=IxWu5q41; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-749248d06faso6529549b3a.2 for ; Tue, 01 Jul 2025 20:12:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425938; x=1752030738; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6g3GEjqwCOMbDi1eW11RIQfJ5EaulEOaB0WJVRz2OCg=; b=IxWu5q41jPYuhnbQzeEkwNyZ+/ZmxXbQCTlzngQ4+rqE/TE+ak/3yGedvaIOXii8UT nVSGVrt+jl+5oM/4Qt0Yd8lSbzq+7H9E8IuAYWslVNSPZ5VEAUClstQ+f/bSzFUAH2PH luHCVUTbakCUr+CmSyNDuFenjAJDsiq9DZ9i1peKP6VmKtqDEPSTmfw2ddm5OxBnUbm8 oA9MifxLndkCe5KvLNQuETPWv/juSQ4A71h7bhq/Gy5biimnRD44CFqAgw8BXunVFsAu KwIJN5Mv/ko0t7mUKx77pyNnx9IbIpXh2mp6nhHrYJstc7VZS+u8sbRdO4PriL5BWqDw FKgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425938; x=1752030738; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6g3GEjqwCOMbDi1eW11RIQfJ5EaulEOaB0WJVRz2OCg=; b=hCjwxzyS7OReHHiomZAjvs+wpmnDHSPLoc3aZs1yT1F4GdLUDwanxkkfZCqNTKHxWj plV6iIGhyiMuB7kD0tz6aSDqI11LP3j/mTyTI1qDuffFnXT3SpDP73viVI6o2rEjMPJf weQs4uSsKUpl7MRuKDTND2UOU/VoKqasIdBKbl2kobDQ8Pw/v687JibVeWggCQYMPdET W4INl+iGKjxNWK2+uqKCy4Ps/Yso3a7J/Qn5xi684WgwHLlIgnEkbronefbmr8TkRfcH NWsYVVntnQGrtkO6h33QiVLhOiv7u16Gl1ZDl6NrP4SoDOk++1GNqChshzTqjAhVOU7T ZeVA== X-Gm-Message-State: AOJu0YyfENSZfHV6HGrlo6IGKpKxT7OTsJfDJueg3I+uBcSx8b8Gtx9D rdiXvy+QhC19j33IJ0jDBiU5wQk38juagWa0BSLhlXkIpNB4HP4cbw3z5e2ncW3ubO/ATEK7Bi4 LoJYb X-Gm-Gg: ASbGncstMmYfYOfBVJtl7sKkpIhTpz9b3+UyXdjhT+yBK4syUF7Wfhv7/Pwp8AFyU8l 8TPCsqNIL1SSaphR5sJkKyRYgzrhFKdAmTNmasNCnbvWrn2VF6qaNFXDI0pm+BwSdBhuEG00Pym iiciKXnFiRjF9i8v+Df5WxeUVnM79eXgH9ceb/TGQL1zPY/rFsYJvGVjP1UouLs6ZNw0usbcRq7 y8Fy+28SW2xiJypqq3vj1B3gij7Rzi9fXe5QPjGKKX+z1c840QkWc3irHRoET6kxUJw/Ek9DZZi wy2bjvIW5Q1G7goOzjNStGNbpFbqXNa2lqyk1YcnZVIFut86OlXLmQ== X-Google-Smtp-Source: AGHT+IEPr2oFQqlnqdQJLlqDBVSXK/aLbYXu3tMfpHbZFVgijZCA3OBmpn3+GDGGApe7NbRlB8OulQ== X-Received: by 2002:a05:6a00:1391:b0:749:464a:a77b with SMTP id d2e1a72fcca58-74b5126bb8emr1785607b3a.18.1751425938013; Tue, 01 Jul 2025 20:12:18 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 01/19] linux/generate-cve-exclusions: use data from CVEProject Date: Tue, 1 Jul 2025 20:11:46 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219755 From: Daniel Turull The old script was relying on linuxkernelcves.com that was archived in May 2024 when kernel.org became a CNA. The new script reads CVE json files from the datadir that can be either from the official kernel.org CNA [1] or CVEProject [2] [1] https://git.kernel.org/pub/scm/linux/security/vulns.git [2] https://github.com/CVEProject/cvelistV5 Signed-off-by: Daniel Turull Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 12612e8680798bdce39fbb79885e661596dbd53c) Signed-off-by: Steve Sakoman --- .../linux/generate-cve-exclusions.py | 116 +++++++++++++----- 1 file changed, 85 insertions(+), 31 deletions(-) diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index aa9195aab4..82fb4264e3 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -1,7 +1,7 @@ #! /usr/bin/env python3 # Generate granular CVE status metadata for a specific version of the kernel -# using data from linuxkernelcves.com. +# using json data from cvelistV5 or vulns repository # # SPDX-License-Identifier: GPL-2.0-only @@ -9,7 +9,8 @@ import argparse import datetime import json import pathlib -import re +import os +import glob from packaging.version import Version @@ -25,22 +26,75 @@ def parse_version(s): return Version(s) return None +def get_fixed_versions(cve_info, base_version): + ''' + Get fixed versionss + ''' + first_affected = None + fixed = None + fixed_backport = None + next_version = Version(str(base_version) + ".5000") + for affected in cve_info["containers"]["cna"]["affected"]: + # In case the CVE info is not complete, it might not have default status and therefore + # we don't know the status of this CVE. + if not "defaultStatus" in affected: + return first_affected, fixed, fixed_backport + if affected["defaultStatus"] == "affected": + for version in affected["versions"]: + v = Version(version["version"]) + if v == 0: + #Skiping non-affected + continue + if version["status"] == "affected" and not first_affected: + first_affected = v + elif (version["status"] == "unaffected" and + version['versionType'] == "original_commit_for_fix"): + fixed = v + elif base_version < v and v < next_version: + fixed_backport = v + elif affected["defaultStatus"] == "unaffected": + # Only specific versions are affected. We care only about our base version + if "versions" not in affected: + continue + for version in affected["versions"]: + if "versionType" not in version: + continue + if version["versionType"] == "git": + continue + v = Version(version["version"]) + # in case it is not in our base version + less_than = Version(version["lessThan"]) + + if not first_affected: + first_affected = v + fixed = less_than + if base_version < v and v < next_version: + first_affected = v + fixed = less_than + fixed_backport = less_than + + return first_affected, fixed, fixed_backport + +def is_linux_cve(cve_info): + '''Return true is the CVE belongs to Linux''' + if not "affected" in cve_info["containers"]["cna"]: + return False + for affected in cve_info["containers"]["cna"]["affected"]: + if not "product" in affected: + return False + if affected["product"] == "Linux" and affected["vendor"] == "Linux": + return True + return False def main(argp=None): parser = argparse.ArgumentParser() - parser.add_argument("datadir", type=pathlib.Path, help="Path to a clone of https://github.com/nluedtke/linux_kernel_cves") + parser.add_argument("datadir", type=pathlib.Path, help="Path to a clone of https://github.com/CVEProject/cvelistV5 or https://git.kernel.org/pub/scm/linux/security/vulns.git") parser.add_argument("version", type=Version, help="Kernel version number to generate data for, such as 6.1.38") args = parser.parse_args(argp) datadir = args.datadir version = args.version - base_version = f"{version.major}.{version.minor}" - - with open(datadir / "data" / "kernel_cves.json", "r") as f: - cve_data = json.load(f) - - with open(datadir / "data" / "stream_fixes.json", "r") as f: - stream_data = json.load(f) + base_version = Version(f"{version.major}.{version.minor}") print(f""" # Auto-generated CVE metadata, DO NOT EDIT BY HAND. @@ -55,17 +109,23 @@ python check_kernel_cve_status_version() {{ do_cve_check[prefuncs] += "check_kernel_cve_status_version" """) - for cve, data in cve_data.items(): - if "affected_versions" not in data: - print(f"# Skipping {cve}, no affected_versions") - print() - continue + # Loop though all CVES and check if they are kernel related, newer than 2015 + pattern = os.path.join(datadir, '**', "CVE-20*.json") - affected = data["affected_versions"] - first_affected, fixed = re.search(r"(.+) to (.+)", affected).groups() - first_affected = parse_version(first_affected) - fixed = parse_version(fixed) + files = glob.glob(pattern, recursive=True) + for cve_file in sorted(files): + # Get CVE Id + cve = cve_file[cve_file.rfind("/")+1:cve_file.rfind(".json")] + # We process from 2015 data, old request are not properly formated + year = cve.split("-")[1] + if int(year) < 2015: + continue + with open(cve_file, 'r', encoding='utf-8') as json_file: + cve_info = json.load(json_file) + if not is_linux_cve(cve_info): + continue + first_affected, fixed, backport_ver = get_fixed_versions(cve_info, base_version) if not fixed: print(f"# {cve} has no known resolution") elif first_affected and version < first_affected: @@ -75,19 +135,13 @@ do_cve_check[prefuncs] += "check_kernel_cve_status_version" f'CVE_STATUS[{cve}] = "fixed-version: Fixed from version {fixed}"' ) else: - if cve in stream_data: - backport_data = stream_data[cve] - if base_version in backport_data: - backport_ver = Version(backport_data[base_version]["fixed_version"]) - if backport_ver <= version: - print( - f'CVE_STATUS[{cve}] = "cpe-stable-backport: Backported in {backport_ver}"' - ) - else: - # TODO print a note that the kernel needs bumping - print(f"# {cve} needs backporting (fixed from {backport_ver})") + if backport_ver: + if backport_ver <= version: + print( + f'CVE_STATUS[{cve}] = "cpe-stable-backport: Backported in {backport_ver}"' + ) else: - print(f"# {cve} needs backporting (fixed from {fixed})") + print(f"# {cve} needs backporting (fixed from {backport_ver})") else: print(f"# {cve} needs backporting (fixed from {fixed})") From patchwork Wed Jul 2 03:11:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66065 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4B98C83038 for ; Wed, 2 Jul 2025 03:12:30 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.15023.1751425948546144519 for ; Tue, 01 Jul 2025 20:12:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=t7T7n0Rw; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-742c7a52e97so6327838b3a.3 for ; Tue, 01 Jul 2025 20:12:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425948; x=1752030748; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=0sE+QHyOn/81eB7j269LjqD2GWyIAz2xdma1FvKprIk=; b=t7T7n0RwlG4jYgy6S6b4e+qVV9wtGEkTsuYvuWWV56cwshf1lv0JxZEFE7NowPr/Kg ROaEKbYsyLcb2v48bIun9G4bYXY6mgqDgREp8fFRSiYjG6JEn2DuvBAzGgf0Lq3sJWgg bjRYgw6yb8wABU6PIFyp//ZwxPZ5hQV9RPz6943ArfBeA5p7H+QzisiMyvwcJismCZpj kljknSXbacdFosuwgyX/F8NEUqxhicGSc0ei9wnO/+dH3cuxS5BvaSC6IgbclBkXBRdg FtD6FvWZS3bMUq8o6lR688U6Imuess6pySzoVicQvI1pucvQy8ijI0rddJs0FFlGfCtM 4Hog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425948; x=1752030748; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=0sE+QHyOn/81eB7j269LjqD2GWyIAz2xdma1FvKprIk=; b=I996mmofWihQEDZzaUAZ2zIt9cKWXE7zvz3pffTbvvUNPsVjUZ066k6rqWZd0hwIm0 Tb5e2/i/EMhOwLT1m9+1RD+bj5ueDefVUPY5QbLlnlhl3w/BJGcxsetBjy1tEmYWHeK0 kffJEXKKOy0YYQGl+OgToExZQpiOmk/IkFqMRPlAfrmMzqMfgX89VwO4lu4fRT8zhBof ZrGtiUx+iMo8V++XUx49/aIXbSaSU9Z3qAU627GpohG3851s0kQqoxUg2Qzr1nqUeoPm POxyQOVktaQYplWsItW8PVoDhfRVFf9oVArwEiNzbGhx/DH2W36sI7t6wbA5uB4whRZX UawA== X-Gm-Message-State: AOJu0YzuLE2+BqwvRbVLFqTKC1MBNVj61KeMgIDDZHmL8HHRDEZMlEe7 lcLEIpVecE4T+ZUtTyIDZehrhnYmSwLb7YX+JPK61WdOJK+6gmTNTsPaYO+ldA2aQZUWa9Dxmi/ VLXCm X-Gm-Gg: ASbGncvbnuRSTO7NTt632wMsBdkbeTcyaKhNW3YFxaUVyE3EjfEaCp2Cj9Enw371ddf 6gJXNvUktag6EsUTrwLLg7cRWePt5kXJdSWNY3B2uu2ShMXb0yJD8kMknL9VhMJ8g8oesUNJbPO PS5q//fYW5jIyl6YJNTZEZfWDIbC+yRO3sHKCOM/BK7oDNqS0nJlq1dOtGdh5J7d1EX6MQcJnRa AOqkgJtoDFREkywUlnTSYRx6VeJ3IyJmHwCnBWWpRyegPGxIiHmaYBMFlJ1OZ2P63S1gVvAOiAO FLrbZa5MN+ytwGLPzuVGoSAkh97FM0btbQWl0+ks26ir37ftrCdnYw== X-Google-Smtp-Source: AGHT+IEyM9T2wNOsgKQ3935lSy0i5Dcba5YAwbBB7jecGQEpeSMVt7hDEpy7l+5RFMdQOoMJbaFqSA== X-Received: by 2002:a05:6a00:8c6:b0:740:6f69:8d94 with SMTP id d2e1a72fcca58-74b50c71fd9mr1848595b3a.0.1751425947773; Tue, 01 Jul 2025 20:12:27 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 04/19] cve-exclusions: correct cve status for 5 entries Date: Tue, 1 Jul 2025 20:11:49 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219757 From: Daniel Turull In commit 8a7af09feb the CVE_STATUS was copy from the old data for 6.6 kernel, which had backport information. Correcting status to when the fix was introduced and adding references to the fixes. Fixes: 8a7af09febc28477094de0999ab6321d910811b2 Reported-by: Peter Marko Signed-off-by: Daniel Turull Signed-off-by: Richard Purdie (cherry picked from commit fc3e32bc4cf79ddce0eb9fa409656de4dc0e00ea) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/cve-exclusion.inc | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc index 5f96a81bdd..f1b7db44b6 100644 --- a/meta/recipes-kernel/linux/cve-exclusion.inc +++ b/meta/recipes-kernel/linux/cve-exclusion.inc @@ -141,12 +141,17 @@ CVE_STATUS[CVE-2023-4155] = "fixed-version: Fixed from version 6.5rc6" CVE_STATUS[CVE-2023-6176] = "fixed-version: Fixed from version 6.6rc2" -CVE_STATUS[CVE-2023-6270] = "cpe-stable-backport: Backported in 6.6.23" +# Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f98364e926626c678fb4b9004b75cacf92ff0662 +CVE_STATUS[CVE-2023-6270] = "fixed-version: Fixed from 6.9" -CVE_STATUS[CVE-2023-6610] = "cpe-stable-backport: Backported in 6.6.13" +# Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=567320c46a60a3c39b69aa1df802d753817a3f86 +CVE_STATUS[CVE-2023-6610] = "fixed-version: Fixed from 6.7rc7" -CVE_STATUS[CVE-2023-6679] = "fixed-version: only affects 6.7rc1 onwards" +#Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=65c95f78917ea6fa7ff189a2c19879c4fe161873 +CVE_STATUS[CVE-2023-6679] = "fixed-version: Fixed from 6.7rc6" -CVE_STATUS[CVE-2023-7042] = "cpe-stable-backport: Backported in 6.6.23" +#Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ad25ee36f00172f7d53242dc77c69fff7ced0755 +CVE_STATUS[CVE-2023-7042] = "fixed-version: Fixed from 6.9rc1" -CVE_STATUS[CVE-2024-0193] = "cpe-stable-backport: Backported in 6.6.10" +#Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a +CVE_STATUS[CVE-2024-0193] = "fixed-version: Fixed from 6.7" From patchwork Wed Jul 2 03:11:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66064 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7E1CC8303D for ; Wed, 2 Jul 2025 03:12:30 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web10.15051.1751425950363737562 for ; Tue, 01 Jul 2025 20:12:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=d0Jnpjvi; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-74264d1832eso4874988b3a.0 for ; Tue, 01 Jul 2025 20:12:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425950; x=1752030750; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CeKBdhFgDGcV3HEvKka7M6jm0TLSJPvOXtCPjxOJrkg=; b=d0JnpjviCGEt3sAZX+qV2Ip6PDUVTnqb0wALibfQBRyR2TFXxtH0SEer3fzvk8+xHM 8jnLQ4RfgREaUPc0vQlHcGPohWFY/+RTYPD4lURg/DMKHO6r1mfowYBi/koOWrf6chJg SfKljweLyZXWksPhGfLBgIvwVEHXd22tPos75+qVEMrk0adtQmXhfEp5rQlKkPOR1ukx 7L6AWWlVFe2pXmfPDqZEVdJpenVLyiliWpRhR11XH75qCHHjC8ZROajMIFFHOngJT9c1 d1J89nwqovsHGHihPt8qbh9Ag0gpR7V2wPxT7VCvJXw4L4iJeTGKvbTGtOIuBrjYVjjB YC7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425950; x=1752030750; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CeKBdhFgDGcV3HEvKka7M6jm0TLSJPvOXtCPjxOJrkg=; b=hVUUojW/mTaHB+dfSGj2nCSpmURmOdFQq5lazkVx10qkqcFgfeiN8bbGlxbjAoKajH Hf0oMh4pfFkuybh7AWGYI6c6W0h2lwzCBHB0XmDsOB636OCfR+Rm0R1unarV08U0eWsh uyrukI+MDdJIkYvM7l46ZxTDTAbB8l7AJi0tGhRq3JOR9ZUOfGfw1oufNuu71lRXLpiN Cd88iW+/OZV5+a3WdLstQRUfSzNpyVnQIZ6hZq0PjHgtnfhdmAfkW3WmpFIFkh1SHIe0 pv4SB0y6M06Uxt5wP9dFr59b3cf0IKQBI8cAiwO/cQfuS2L+gcoH6nvHRnMMtHKjX6qD P7qQ== X-Gm-Message-State: AOJu0Yw6otRZXDk4gAgG10Chjm1JWXf7NvcMq9WPAgtr9hHzcbYQMsXw yP/x4ltoweTt83pmO1Hw57Sj3i+mbgHo0JTxn2X6PkSXNmwwBM34MFQeyzIa/E3FXl53gsYeCcZ 0Vujw X-Gm-Gg: ASbGnctNcuKLsbaT7voQAQ453n8adcRGM8TdMu/HHahvYnjzdGxz2dINfh64zRK2MgC QypJWej7v4L21Go64pxovzix4pSkB5nyqTvJ7+VkQgpiFrRYdImwAGqGbOcQ+MQoDoHFIW3nM8q mPuYZb+KW+Syo9KqjmqzeJpnBwftR+TZV1Z6aSzkf7ory34uXaD9mIIe6fLo1GaMuQOuKND9TCR AEvhlgdiXoZzdKEosEyk7n/byihf/+3YEErkpHocVpVTTkuXmjFAE7/DxywtpCU/ExrUudhJSNL vLuimGTGRQ1lj9xjfQ7zUT1BZDWjkdNjpnQsbSEiBy4jOfboA2v0DQ== X-Google-Smtp-Source: AGHT+IE85PIBxK9BhVU/x/KI0RrQms2pQehG4YNQW5+T5gw2lqM1ou911eVGCkuqsLIKCD/n+FaA7g== X-Received: by 2002:a05:6a20:7488:b0:1f5:931d:ca6d with SMTP id adf61e73a8af0-222d7daa533mr2598669637.1.1751425949595; Tue, 01 Jul 2025 20:12:29 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 05/19] linux/cve-exclusion: update with latest cvelistV5 Date: Tue, 1 Jul 2025 20:11:50 -0700 Message-ID: <9e3bff5413a55675ef0ff9bca0cc8b87668dc255.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219759 From: Peter Marko This is preparation for fix in the script so that next update shows only entries updated by the script change. Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit 583e9f15c01555863ae467c7f91729ce85aae194) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/cve-exclusion_6.12.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index a25cd3adaa..24d5631588 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-04-25 11:23:06.829517+00:00 for version 6.12.23 +# Generated at 2025-04-27 08:54:24.704112+00:00 for version 6.12.23 python check_kernel_cve_status_version() { this_version = "6.12.23" @@ -11860,7 +11860,7 @@ CVE_STATUS[CVE-2025-22120] = "fixed-version: only affects 6.13 onwards" # CVE-2025-22125 needs backporting (fixed from 6.15rc1) -# CVE-2025-22126 needs backporting (fixed from 6.15rc1) +# CVE-2025-22126 needs backporting (fixed from 6.12.25) # CVE-2025-22127 needs backporting (fixed from 6.15rc1) From patchwork Wed Jul 2 03:11:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66066 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D38E7C83038 for ; Wed, 2 Jul 2025 03:12:40 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.15053.1751425951593506182 for ; Tue, 01 Jul 2025 20:12:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=A0knVPuc; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-747fc77bb2aso3774115b3a.3 for ; Tue, 01 Jul 2025 20:12:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425951; x=1752030751; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zNSWUnXJ3xOYZVEXX4gRy3F6yggtIF8qgenuDpR3kvM=; b=A0knVPuchi2fd80j3fc2mL8SGiyq8hjkxuXuj1avrfal6Kw4OMLyaNgX1AuojVj3Xb 9hU3LDJnWWaO6e6Y/hQ/2QRHuH3MLqDioihghBbilj/OEoDvlM3FhghobAeU8eoFs2OJ zrrMQWEOzSWGFNGHK/su3VqZfb2NPTPru1senrTeSDxpHziOhyDqGLgShRhpEkdCp/KO atPNLnLQ50Vou6SynAbliQOd84AmYTckBit3Gz2y5k226NARleYmj0AOC19Vnc34xcuI WjP9KQm0I5lvI2pNEuNXzdYwcImBr3o4NmJpQ2PIKQbHmRM3QV3fe0bLRmwD+roPmcUJ LyAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425951; x=1752030751; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zNSWUnXJ3xOYZVEXX4gRy3F6yggtIF8qgenuDpR3kvM=; b=Or1N1LWZDnx+FMZeAhfxEm2I8/r6fzcN0+jQtPMHGAAjZ4gMfW6OKD6Lm+2O5v5Owe MOJPM85FrrsZmvYVE+F0pd4ct9X8N7xwbmqBkmvPFCXQ/fZ1DBEjwnh/r7i4Joml/SjH YxD25lbBDdXxCY5Eo1H8ujTXU79poQCioI14zPr7IuS0hKyoOjtT1dU5HeGqGHOwbUxN htlSlTMLdkvW7CUJIo5FxnrLMVM7lPfLiTt9f7cMQgIG9rLAJw/UanVWiS6qcQlkmerr zMklnZ6CKZae++eYSL6172uuHIoGSVRcNjiwBjYD1U5fVFclwVv0vstLJ5v0TEemThMb cCZw== X-Gm-Message-State: AOJu0YxhElZy3fzpM1L7Ve9wgyGLaGRgZ2osUX11tojx5M7t7bSDJ3D7 xgTD6Kyh8hxfpyshnmn1di2udyPWBqHP7EYYbx3ChqypQrydWw/uf50oLpyDP4QAvpejeiROOLo 3Mo6y X-Gm-Gg: ASbGncvsuBnWuHTcSlPDxT3Es/bGRW+o7SPgyKYB0z8+EceB66Ec+3dCc3G61DTEoC/ cs2899UgdXSv29WG9cN0ArtUQ+bLaLqCmWz1YcqQwbg40k7KjTaQxxVJq+AkZ5Vkvu2nlGHdm7/ HfNDtn1YthEhIiyc9Ikej1/dIzCLn0i1cgRP5QpAOW2nVqEptcUDh8iViuejGj5QJ4X0C3VpUaJ D26I3xN1gXV6NBMKHlxBt7kCDfZtauRGVXg7NGeG5yLHS0MjR4i8NAGP74La18BKcrP6fk2iCRR 4R8Etnje2F6EGi1hZX1JLnUYAvcZrfgInw7OF/P1wsaB63Eq5fRsrA== X-Google-Smtp-Source: AGHT+IHFfBsM48wlJ38n5nw4HF6aFKDtIjHjYeOe+7QXOtZBB2OaWycqo9yHedioS9nqPFpo3Z3YtA== X-Received: by 2002:a05:6a00:c94:b0:742:4545:2d2b with SMTP id d2e1a72fcca58-74b50e5cd3dmr1792312b3a.3.1751425950839; Tue, 01 Jul 2025 20:12:30 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:30 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 06/19] linux/cve-exclusion: correct fixed-version calculation Date: Tue, 1 Jul 2025 20:11:51 -0700 Message-ID: <4e2c441b64675933cc5f684d0e19cdc18ceaab18.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219760 From: Peter Marko Current code takes the first version found as "fixed-version". That is not correct as it is almost always only the oldest backport. Fix it by unconditionally shift the assigmnet of variable "fixed" so that we take last instead of first version. Cc: daniel.turull@ericsson.com Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit 68f8e58a249c8adef18e63f0841e8bfea16f354e) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/generate-cve-exclusions.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 82fb4264e3..5c85c0db88 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -67,10 +67,9 @@ def get_fixed_versions(cve_info, base_version): if not first_affected: first_affected = v - fixed = less_than + fixed = less_than if base_version < v and v < next_version: first_affected = v - fixed = less_than fixed_backport = less_than return first_affected, fixed, fixed_backport From patchwork Wed Jul 2 03:11:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66069 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA135C83F03 for ; Wed, 2 Jul 2025 03:12:40 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web11.15026.1751425954581324415 for ; Tue, 01 Jul 2025 20:12:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HVbrLLUR; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-74b56b1d301so23995b3a.1 for ; Tue, 01 Jul 2025 20:12:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425954; x=1752030754; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6cWNSbxVq8ffBpgKBquglQDHz428qaEY2sY39Xz45pg=; b=HVbrLLURHOucssIHPF/fDy3M8hJQOdaw/ihRfLC0fvUIgfZM0rhtTuqoT3Za/8Jsbq uc07RyDiH/+8lB7nXA64K/6QFq07bcTgmg7mfoCAGfVYtvTvP6NhXcIBjUYzMVm2Mdjx GKMyXvzfiaZTssu/a4q84sMF2gwaA6CVIuBTVpRWFI/40+pMN55CgUOyLvPVRtKzL+xy NAGha3mf8S7RJaITB2r2DGceH8CtP6vGINwmvZyiCw3ZY9Hx1HjnopDikqDrdN6KKK+G sdrHHZ+ll6C+aVsGs+G5Aa98DWICibIqQyWlaqoXHijzu6WgLUiSYHUrE4nzhPpAsQV2 FUPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425954; x=1752030754; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6cWNSbxVq8ffBpgKBquglQDHz428qaEY2sY39Xz45pg=; b=oeWatiI6rqAQhNjcT0WXoGyFf7lbVafXLfW2TN4kqpizG46E0Iu+A9eZmwWy3JQ1DL o/d/jKhfKj4dWiw9lZ4oFDlTTl7ie4u7nKBb7KJFr4eYP0BNqTW3B3uuBX3d2CnRfOPT cXhbp6zvcOY5MedKNvDi1o7wK3TjBTYgNWzdeVBWJqYATImT90cigo86VMxLhCJVXdmW kgHJ3gL4GjpE6XLXgCdpRvx0HuVY4k+gDXJ1J9SIsbo11kVjTpMzVMso2q0ySZm+d3tg dY7lU1t2aq6356oJxDUkODllRDMS2/jvi9K6NCgDwBVF0Rej3YaZ7gVXbpzUSdylFstZ eb7Q== X-Gm-Message-State: AOJu0YwFEb09OTMwNeEcGvS7yFdaoBqzvwzRcYbMwDUhktmwLDk/v8ok 5QWTlAVYlRz/BwgtUr5VPL2RQQ5N/rTtC/68EVchLk38jy/uHeJzlqhmXRobHWEP2lMieRJgHCz kbymQ X-Gm-Gg: ASbGncvMcMbTVM2wnFwlS3krEhT+sOw5yE7poxuWKbfLK+C6lsFHtdm5+7oFzmqXyj/ 7z1Yu/leSIoCIT6gG8mviimbZh6+qjuEj4jUTJBuPW0lKNShyOG/7rn0rGqWDxrXJukFhAfHXLn HOuWjm1F9zPN53WRyPt8u/gjrO7YaNYA7qpbhogmQU7xNlIC8qsI6Jo26UHGEuzqw4tfjflc5y6 IfNnqQUorp8c5t/6iZbton1kzPrWjkEgDCsGXsOtDxEWoHlyEXxGb4qNizojrQNGzaKErq6+BKc CrpQvg1x58Q+woK5qcq1nxy0RNboJ3V3BB6wk+whFj57R90h2rUMTw== X-Google-Smtp-Source: AGHT+IFwrrTWSiWLb7o5uLjDQh+lH7Nwry8cDGTwdJ+DZ2x/vlM9Hih4Wqod4NVaFAIQlbu3laSyvA== X-Received: by 2002:a05:6a21:33aa:b0:220:b05c:815a with SMTP id adf61e73a8af0-222d7f086c0mr2519247637.34.1751425953437; Tue, 01 Jul 2025 20:12:33 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 07/19] linux/cve-exclusion: update exclusions after script fixes Date: Tue, 1 Jul 2025 20:11:52 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219761 From: Peter Marko This will shift fixed version of many CVEs, it does not change status of any CVE. Note that the current format of cvelistV5 does not allow us to determine real value of "fixed_in" without also checking the hashes, but the result are still fine. The reason is that many entries are missing original_commit_for_fix field and thus we see the final "fixed_in" version to be set to backport to previous branch (e.g. 6.12.23 instead of 6.13). Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit 1697404589e2d3a625f9da2e8906e47af668c1c3) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 138 +++++++++--------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index 24d5631588..5249572cd4 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-04-27 08:54:24.704112+00:00 for version 6.12.23 +# Generated at 2025-04-27 09:28:35.170900+00:00 for version 6.12.23 python check_kernel_cve_status_version() { this_version = "6.12.23" @@ -96,7 +96,7 @@ CVE_STATUS[CVE-2021-46920] = "fixed-version: Fixed from version 5.12" CVE_STATUS[CVE-2021-46921] = "fixed-version: Fixed from version 5.12" -CVE_STATUS[CVE-2021-46922] = "fixed-version: Fixed from version 5.10.33" +CVE_STATUS[CVE-2021-46922] = "fixed-version: Fixed from version 5.11.17" CVE_STATUS[CVE-2021-46923] = "fixed-version: Fixed from version 5.16" @@ -592,7 +592,7 @@ CVE_STATUS[CVE-2021-47177] = "fixed-version: Fixed from version 5.13" CVE_STATUS[CVE-2021-47178] = "fixed-version: Fixed from version 5.13" -CVE_STATUS[CVE-2021-47179] = "fixed-version: Fixed from version 4.9.271" +CVE_STATUS[CVE-2021-47179] = "fixed-version: Fixed from version 5.12.9" CVE_STATUS[CVE-2021-47180] = "fixed-version: Fixed from version 5.13" @@ -706,7 +706,7 @@ CVE_STATUS[CVE-2021-47237] = "fixed-version: Fixed from version 5.13" CVE_STATUS[CVE-2021-47238] = "fixed-version: Fixed from version 5.13" -CVE_STATUS[CVE-2021-47239] = "fixed-version: Fixed from version 4.4.274" +CVE_STATUS[CVE-2021-47239] = "fixed-version: Fixed from version 5.12.13" CVE_STATUS[CVE-2021-47240] = "fixed-version: Fixed from version 5.13" @@ -1092,7 +1092,7 @@ CVE_STATUS[CVE-2021-47434] = "fixed-version: Fixed from version 5.15" CVE_STATUS[CVE-2021-47435] = "fixed-version: Fixed from version 5.15" -CVE_STATUS[CVE-2021-47436] = "fixed-version: Fixed from version 4.14.252" +CVE_STATUS[CVE-2021-47436] = "fixed-version: Fixed from version 5.14.14" CVE_STATUS[CVE-2021-47437] = "fixed-version: Fixed from version 5.15" @@ -1318,7 +1318,7 @@ CVE_STATUS[CVE-2021-47553] = "fixed-version: Fixed from version 5.16" CVE_STATUS[CVE-2021-47554] = "fixed-version: Fixed from version 5.16" -CVE_STATUS[CVE-2021-47555] = "fixed-version: Fixed from version 5.4.163" +CVE_STATUS[CVE-2021-47555] = "fixed-version: Fixed from version 5.15.6" CVE_STATUS[CVE-2021-47556] = "fixed-version: Fixed from version 5.16" @@ -1390,7 +1390,7 @@ CVE_STATUS[CVE-2021-47593] = "fixed-version: Fixed from version 5.16" CVE_STATUS[CVE-2021-47594] = "fixed-version: Fixed from version 5.16" -CVE_STATUS[CVE-2021-47595] = "fixed-version: Fixed from version 5.10.88" +CVE_STATUS[CVE-2021-47595] = "fixed-version: Fixed from version 5.15.11" CVE_STATUS[CVE-2021-47596] = "fixed-version: Fixed from version 5.16" @@ -1574,11 +1574,11 @@ CVE_STATUS[CVE-2022-48639] = "fixed-version: Fixed from version 6.0" CVE_STATUS[CVE-2022-48640] = "fixed-version: Fixed from version 6.0" -CVE_STATUS[CVE-2022-48641] = "fixed-version: Fixed from version 4.14.295" +CVE_STATUS[CVE-2022-48641] = "fixed-version: Fixed from version 5.19.12" CVE_STATUS[CVE-2022-48642] = "fixed-version: Fixed from version 6.0" -CVE_STATUS[CVE-2022-48643] = "fixed-version: Fixed from version 5.10.146" +CVE_STATUS[CVE-2022-48643] = "fixed-version: Fixed from version 5.19.12" CVE_STATUS[CVE-2022-48644] = "fixed-version: Fixed from version 6.0" @@ -1618,7 +1618,7 @@ CVE_STATUS[CVE-2022-48661] = "fixed-version: Fixed from version 6.0" CVE_STATUS[CVE-2022-48662] = "fixed-version: Fixed from version 6.0" -CVE_STATUS[CVE-2022-48663] = "fixed-version: Fixed from version 5.10.146" +CVE_STATUS[CVE-2022-48663] = "fixed-version: Fixed from version 5.19.12" CVE_STATUS[CVE-2022-48664] = "fixed-version: Fixed from version 6.0" @@ -1634,7 +1634,7 @@ CVE_STATUS[CVE-2022-48669] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2022-48670] = "fixed-version: Fixed from version 6.0" -CVE_STATUS[CVE-2022-48671] = "fixed-version: Fixed from version 5.4.215" +CVE_STATUS[CVE-2022-48671] = "fixed-version: Fixed from version 5.19.11" CVE_STATUS[CVE-2022-48672] = "fixed-version: Fixed from version 6.0" @@ -1770,7 +1770,7 @@ CVE_STATUS[CVE-2022-48750] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48751] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48752] = "fixed-version: Fixed from version 5.10.96" +CVE_STATUS[CVE-2022-48752] = "fixed-version: Fixed from version 5.16.5" CVE_STATUS[CVE-2022-48753] = "fixed-version: Fixed from version 5.17" @@ -1822,17 +1822,17 @@ CVE_STATUS[CVE-2022-48776] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48777] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48778] = "fixed-version: Fixed from version 5.4.181" +CVE_STATUS[CVE-2022-48778] = "fixed-version: Fixed from version 5.16.11" CVE_STATUS[CVE-2022-48779] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48780] = "fixed-version: Fixed from version 5.15.25" +CVE_STATUS[CVE-2022-48780] = "fixed-version: Fixed from version 5.16.11" CVE_STATUS[CVE-2022-48781] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48782] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48783] = "fixed-version: Fixed from version 5.10.102" +CVE_STATUS[CVE-2022-48783] = "fixed-version: Fixed from version 5.16.11" CVE_STATUS[CVE-2022-48784] = "fixed-version: Fixed from version 5.17" @@ -1840,7 +1840,7 @@ CVE_STATUS[CVE-2022-48785] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48786] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48787] = "fixed-version: Fixed from version 4.14.268" +CVE_STATUS[CVE-2022-48787] = "fixed-version: Fixed from version 5.16.11" CVE_STATUS[CVE-2022-48788] = "fixed-version: Fixed from version 5.17" @@ -1878,7 +1878,7 @@ CVE_STATUS[CVE-2022-48804] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48805] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48806] = "fixed-version: Fixed from version 5.4.180" +CVE_STATUS[CVE-2022-48806] = "fixed-version: Fixed from version 5.16.10" CVE_STATUS[CVE-2022-48807] = "fixed-version: Fixed from version 5.17" @@ -1940,13 +1940,13 @@ CVE_STATUS[CVE-2022-48835] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48836] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48837] = "fixed-version: Fixed from version 4.9.308" +CVE_STATUS[CVE-2022-48837] = "fixed-version: Fixed from version 5.16.17" CVE_STATUS[CVE-2022-48838] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48839] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48840] = "fixed-version: Fixed from version 5.15.31" +CVE_STATUS[CVE-2022-48840] = "fixed-version: Fixed from version 5.16.17" CVE_STATUS[CVE-2022-48841] = "fixed-version: Fixed from version 5.17" @@ -2092,13 +2092,13 @@ CVE_STATUS[CVE-2022-48912] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48913] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48914] = "fixed-version: Fixed from version 4.19.233" +CVE_STATUS[CVE-2022-48914] = "fixed-version: Fixed from version 5.16.13" CVE_STATUS[CVE-2022-48915] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48916] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48917] = "fixed-version: Fixed from version 4.9.305" +CVE_STATUS[CVE-2022-48917] = "fixed-version: Fixed from version 5.16.13" CVE_STATUS[CVE-2022-48918] = "fixed-version: Fixed from version 5.17" @@ -2236,7 +2236,7 @@ CVE_STATUS[CVE-2022-48985] = "fixed-version: Fixed from version 6.1" CVE_STATUS[CVE-2022-48986] = "fixed-version: Fixed from version 6.1" -CVE_STATUS[CVE-2022-48987] = "fixed-version: Fixed from version 4.9.336" +CVE_STATUS[CVE-2022-48987] = "fixed-version: Fixed from version 6.0.13" CVE_STATUS[CVE-2022-48988] = "fixed-version: Fixed from version 6.1" @@ -2382,7 +2382,7 @@ CVE_STATUS[CVE-2022-49068] = "fixed-version: Fixed from version 5.18" CVE_STATUS[CVE-2022-49069] = "fixed-version: Fixed from version 5.18" -CVE_STATUS[CVE-2022-49070] = "fixed-version: Fixed from version 5.15.34" +CVE_STATUS[CVE-2022-49070] = "fixed-version: Fixed from version 5.17.3" CVE_STATUS[CVE-2022-49071] = "fixed-version: Fixed from version 5.18" @@ -2778,7 +2778,7 @@ CVE_STATUS[CVE-2022-49270] = "fixed-version: Fixed from version 5.18" CVE_STATUS[CVE-2022-49271] = "fixed-version: Fixed from version 5.18" -CVE_STATUS[CVE-2022-49272] = "fixed-version: Fixed from version 5.10.110" +CVE_STATUS[CVE-2022-49272] = "fixed-version: Fixed from version 5.17.2" CVE_STATUS[CVE-2022-49273] = "fixed-version: Fixed from version 5.18" @@ -3920,7 +3920,7 @@ CVE_STATUS[CVE-2023-52523] = "fixed-version: Fixed from version 6.6" CVE_STATUS[CVE-2023-52524] = "fixed-version: Fixed from version 6.6" -CVE_STATUS[CVE-2023-52525] = "fixed-version: Fixed from version 4.14.327" +CVE_STATUS[CVE-2023-52525] = "fixed-version: Fixed from version 6.5.7" CVE_STATUS[CVE-2023-52526] = "fixed-version: Fixed from version 6.6" @@ -3970,7 +3970,7 @@ CVE_STATUS[CVE-2023-52574] = "fixed-version: Fixed from version 6.6" CVE_STATUS[CVE-2023-52576] = "fixed-version: Fixed from version 6.6" -CVE_STATUS[CVE-2023-52577] = "fixed-version: Fixed from version 4.14.327" +CVE_STATUS[CVE-2023-52577] = "fixed-version: Fixed from version 6.5.6" CVE_STATUS[CVE-2023-52578] = "fixed-version: Fixed from version 6.6" @@ -4246,7 +4246,7 @@ CVE_STATUS[CVE-2023-52743] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-52744] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-52745] = "fixed-version: Fixed from version 5.4.232" +CVE_STATUS[CVE-2023-52745] = "fixed-version: Fixed from version 6.1.12" CVE_STATUS[CVE-2023-52746] = "fixed-version: Fixed from version 6.2" @@ -4622,7 +4622,7 @@ CVE_STATUS[CVE-2023-52975] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-52976] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-52977] = "fixed-version: Fixed from version 4.14.306" +CVE_STATUS[CVE-2023-52977] = "fixed-version: Fixed from version 6.1.11" CVE_STATUS[CVE-2023-52978] = "fixed-version: Fixed from version 6.2" @@ -4634,7 +4634,7 @@ CVE_STATUS[CVE-2023-52981] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-52982] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-52983] = "fixed-version: Fixed from version 5.15.93" +CVE_STATUS[CVE-2023-52983] = "fixed-version: Fixed from version 6.1.11" CVE_STATUS[CVE-2023-52984] = "fixed-version: Fixed from version 6.2" @@ -4720,11 +4720,11 @@ CVE_STATUS[CVE-2023-53025] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53026] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-53028] = "fixed-version: Fixed from version 5.10.165" +CVE_STATUS[CVE-2023-53028] = "fixed-version: Fixed from version 6.1.8" -CVE_STATUS[CVE-2023-53029] = "fixed-version: Fixed from version 5.15.91" +CVE_STATUS[CVE-2023-53029] = "fixed-version: Fixed from version 6.1.8" -CVE_STATUS[CVE-2023-53030] = "fixed-version: Fixed from version 5.15.91" +CVE_STATUS[CVE-2023-53030] = "fixed-version: Fixed from version 6.1.8" CVE_STATUS[CVE-2023-53031] = "fixed-version: Fixed from version 6.2" @@ -4818,7 +4818,7 @@ CVE_STATUS[CVE-2024-26623] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26625] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-26626] = "fixed-version: Fixed from version 6.1.77" +CVE_STATUS[CVE-2024-26626] = "fixed-version: Fixed from version 6.7.4" CVE_STATUS[CVE-2024-26627] = "fixed-version: Fixed from version 6.8" @@ -5114,9 +5114,9 @@ CVE_STATUS[CVE-2024-26778] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26779] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-26780] = "fixed-version: Fixed from version 6.1.81" +CVE_STATUS[CVE-2024-26780] = "fixed-version: Fixed from version 6.7.9" -CVE_STATUS[CVE-2024-26781] = "fixed-version: Fixed from version 5.10.212" +CVE_STATUS[CVE-2024-26781] = "fixed-version: Fixed from version 6.7.9" CVE_STATUS[CVE-2024-26782] = "fixed-version: Fixed from version 6.8" @@ -5138,11 +5138,11 @@ CVE_STATUS[CVE-2024-26790] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26791] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-26792] = "fixed-version: Fixed from version 6.1.81" +CVE_STATUS[CVE-2024-26792] = "fixed-version: Fixed from version 6.7.9" CVE_STATUS[CVE-2024-26793] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-26794] = "fixed-version: Fixed from version 6.6.21" +CVE_STATUS[CVE-2024-26794] = "fixed-version: Fixed from version 6.7.9" CVE_STATUS[CVE-2024-26795] = "fixed-version: Fixed from version 6.8" @@ -5154,7 +5154,7 @@ CVE_STATUS[CVE-2024-26798] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26799] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-26800] = "fixed-version: Fixed from version 6.6.21" +CVE_STATUS[CVE-2024-26800] = "fixed-version: Fixed from version 6.7.9" CVE_STATUS[CVE-2024-26801] = "fixed-version: Fixed from version 6.8" @@ -5528,7 +5528,7 @@ CVE_STATUS[CVE-2024-26995] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-26996] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-26997] = "fixed-version: Fixed from version 4.19.313" +CVE_STATUS[CVE-2024-26997] = "fixed-version: Fixed from version 6.8.8" CVE_STATUS[CVE-2024-26998] = "fixed-version: Fixed from version 6.9" @@ -5580,7 +5580,7 @@ CVE_STATUS[CVE-2024-27021] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-27022] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-27023] = "fixed-version: Fixed from version 6.1.80" +CVE_STATUS[CVE-2024-27023] = "fixed-version: Fixed from version 6.7.7" CVE_STATUS[CVE-2024-27024] = "fixed-version: Fixed from version 6.8" @@ -5848,7 +5848,7 @@ CVE_STATUS[CVE-2024-35813] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-35814] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-35815] = "fixed-version: Fixed from version 4.19.312" +CVE_STATUS[CVE-2024-35815] = "fixed-version: Fixed from version 6.7.12" CVE_STATUS[CVE-2024-35816] = "fixed-version: Fixed from version 6.8" @@ -5864,7 +5864,7 @@ CVE_STATUS[CVE-2024-35822] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-35823] = "fixed-version: Fixed from version 6.8" -CVE_STATUS[CVE-2024-35824] = "fixed-version: Fixed from version 6.1.84" +CVE_STATUS[CVE-2024-35824] = "fixed-version: Fixed from version 6.7.12" CVE_STATUS[CVE-2024-35825] = "fixed-version: Fixed from version 6.8" @@ -6126,7 +6126,7 @@ CVE_STATUS[CVE-2024-35960] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-35961] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-35962] = "fixed-version: Fixed from version 5.10.216" +CVE_STATUS[CVE-2024-35962] = "fixed-version: Fixed from version 6.8.7" CVE_STATUS[CVE-2024-35963] = "fixed-version: Fixed from version 6.9" @@ -6168,7 +6168,7 @@ CVE_STATUS[CVE-2024-35981] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-35982] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-35983] = "fixed-version: Fixed from version 5.4.275" +CVE_STATUS[CVE-2024-35983] = "fixed-version: Fixed from version 6.8.9" CVE_STATUS[CVE-2024-35984] = "fixed-version: Fixed from version 6.9" @@ -6194,7 +6194,7 @@ CVE_STATUS[CVE-2024-35994] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-35995] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-35996] = "fixed-version: Fixed from version 5.15.158" +CVE_STATUS[CVE-2024-35996] = "fixed-version: Fixed from version 6.8.9" CVE_STATUS[CVE-2024-35997] = "fixed-version: Fixed from version 6.9" @@ -6306,7 +6306,7 @@ CVE_STATUS[CVE-2024-36884] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-36886] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-36887] = "fixed-version: Fixed from version 6.6.31" +CVE_STATUS[CVE-2024-36887] = "fixed-version: Fixed from version 6.8.10" CVE_STATUS[CVE-2024-36888] = "fixed-version: Fixed from version 6.9" @@ -6418,7 +6418,7 @@ CVE_STATUS[CVE-2024-36941] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-36943] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-36944] = "fixed-version: Fixed from version 5.15.159" +CVE_STATUS[CVE-2024-36944] = "fixed-version: Fixed from version 6.8.10" CVE_STATUS[CVE-2024-36945] = "fixed-version: Fixed from version 6.9" @@ -6454,7 +6454,7 @@ CVE_STATUS[CVE-2024-36960] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-36961] = "fixed-version: Fixed from version 6.9" -CVE_STATUS[CVE-2024-36962] = "fixed-version: Fixed from version 6.1.91" +CVE_STATUS[CVE-2024-36962] = "fixed-version: Fixed from version 6.8.10" CVE_STATUS[CVE-2024-36963] = "fixed-version: Fixed from version 6.9" @@ -6888,9 +6888,9 @@ CVE_STATUS[CVE-2024-40918] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-40919] = "fixed-version: Fixed from version 6.10" -CVE_STATUS[CVE-2024-40920] = "fixed-version: Fixed from version 6.1.95" +CVE_STATUS[CVE-2024-40920] = "fixed-version: Fixed from version 6.9.6" -CVE_STATUS[CVE-2024-40921] = "fixed-version: Fixed from version 6.1.95" +CVE_STATUS[CVE-2024-40921] = "fixed-version: Fixed from version 6.9.6" CVE_STATUS[CVE-2024-40922] = "fixed-version: Fixed from version 6.10" @@ -7030,7 +7030,7 @@ CVE_STATUS[CVE-2024-40991] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-40992] = "fixed-version: Fixed from version 6.10" -CVE_STATUS[CVE-2024-40993] = "fixed-version: Fixed from version 6.1.96" +CVE_STATUS[CVE-2024-40993] = "fixed-version: Fixed from version 6.9.7" CVE_STATUS[CVE-2024-40994] = "fixed-version: Fixed from version 6.10" @@ -7146,7 +7146,7 @@ CVE_STATUS[CVE-2024-41050] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-41051] = "fixed-version: Fixed from version 6.10" -CVE_STATUS[CVE-2024-41052] = "fixed-version: Fixed from version 6.6.41" +CVE_STATUS[CVE-2024-41052] = "fixed-version: Fixed from version 6.9.10" CVE_STATUS[CVE-2024-41053] = "fixed-version: Fixed from version 6.10" @@ -7324,7 +7324,7 @@ CVE_STATUS[CVE-2024-42101] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-42102] = "fixed-version: Fixed from version 6.10" -CVE_STATUS[CVE-2024-42103] = "fixed-version: Fixed from version 5.15.163" +CVE_STATUS[CVE-2024-42103] = "fixed-version: Fixed from version 6.9.9" CVE_STATUS[CVE-2024-42104] = "fixed-version: Fixed from version 6.10" @@ -7800,7 +7800,7 @@ CVE_STATUS[CVE-2024-43895] = "fixed-version: Fixed from version 6.11" CVE_STATUS[CVE-2024-43896] = "fixed-version: Fixed from version 6.11" -CVE_STATUS[CVE-2024-43897] = "fixed-version: Fixed from version 5.15.167" +CVE_STATUS[CVE-2024-43897] = "fixed-version: Fixed from version 6.10.5" CVE_STATUS[CVE-2024-43899] = "fixed-version: Fixed from version 6.11" @@ -7904,7 +7904,7 @@ CVE_STATUS[CVE-2024-44966] = "fixed-version: Fixed from version 6.11" CVE_STATUS[CVE-2024-44967] = "fixed-version: Fixed from version 6.11" -CVE_STATUS[CVE-2024-44968] = "fixed-version: Fixed from version 6.1.105" +CVE_STATUS[CVE-2024-44968] = "fixed-version: Fixed from version 6.10.5" CVE_STATUS[CVE-2024-44969] = "fixed-version: Fixed from version 6.11" @@ -8156,7 +8156,7 @@ CVE_STATUS[CVE-2024-46732] = "fixed-version: Fixed from version 6.11" CVE_STATUS[CVE-2024-46733] = "fixed-version: Fixed from version 6.11" -CVE_STATUS[CVE-2024-46734] = "fixed-version: Fixed from version 5.15.167" +CVE_STATUS[CVE-2024-46734] = "fixed-version: Fixed from version 6.10.10" CVE_STATUS[CVE-2024-46735] = "fixed-version: Fixed from version 6.11" @@ -8410,7 +8410,7 @@ CVE_STATUS[CVE-2024-46863] = "fixed-version: Fixed from version 6.11" CVE_STATUS[CVE-2024-46864] = "fixed-version: Fixed from version 6.11" -CVE_STATUS[CVE-2024-46865] = "fixed-version: Fixed from version 5.10.227" +CVE_STATUS[CVE-2024-46865] = "fixed-version: Fixed from version 6.10.11" CVE_STATUS[CVE-2024-46866] = "fixed-version: Fixed from version 6.11" @@ -9004,7 +9004,7 @@ CVE_STATUS[CVE-2024-50030] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50031] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-50032] = "fixed-version: Fixed from version 6.6.57" +CVE_STATUS[CVE-2024-50032] = "fixed-version: Fixed from version 6.11.4" CVE_STATUS[CVE-2024-50033] = "fixed-version: Fixed from version 6.12" @@ -9124,7 +9124,7 @@ CVE_STATUS[CVE-2024-50095] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50096] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-50097] = "fixed-version: Fixed from version 6.6.57" +CVE_STATUS[CVE-2024-50097] = "fixed-version: Fixed from version 6.11.4" CVE_STATUS[CVE-2024-50098] = "fixed-version: Fixed from version 6.12" @@ -9348,7 +9348,7 @@ CVE_STATUS[CVE-2024-50208] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50209] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-50210] = "fixed-version: Fixed from version 5.10.229" +CVE_STATUS[CVE-2024-50210] = "fixed-version: Fixed from version 6.11.6" CVE_STATUS[CVE-2024-50211] = "fixed-version: Fixed from version 6.12" @@ -9422,7 +9422,7 @@ CVE_STATUS[CVE-2024-50247] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50248] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-50249] = "fixed-version: Fixed from version 5.15.171" +CVE_STATUS[CVE-2024-50249] = "fixed-version: Fixed from version 6.11.7" CVE_STATUS[CVE-2024-50250] = "fixed-version: Fixed from version 6.12" @@ -9580,7 +9580,7 @@ CVE_STATUS[CVE-2024-53058] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-53059] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-53060] = "fixed-version: Fixed from version 4.19.324" +CVE_STATUS[CVE-2024-53060] = "fixed-version: Fixed from version 6.11.8" CVE_STATUS[CVE-2024-53061] = "fixed-version: Fixed from version 6.12" @@ -9600,7 +9600,7 @@ CVE_STATUS[CVE-2024-53068] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-53069] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-53070] = "fixed-version: Fixed from version 5.15.172" +CVE_STATUS[CVE-2024-53070] = "fixed-version: Fixed from version 6.11.8" CVE_STATUS[CVE-2024-53071] = "fixed-version: Fixed from version 6.12" @@ -9654,7 +9654,7 @@ CVE_STATUS[CVE-2024-53095] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-53096] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-53097] = "fixed-version: Fixed from version 5.10.230" +CVE_STATUS[CVE-2024-53097] = "fixed-version: Fixed from version 6.11.9" CVE_STATUS[CVE-2024-53098] = "fixed-version: Fixed from version 6.12" @@ -9730,7 +9730,7 @@ CVE_STATUS[CVE-2024-53134] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-53135] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-53136] = "fixed-version: Fixed from version 4.19.325" +CVE_STATUS[CVE-2024-53136] = "fixed-version: Fixed from version 6.11.10" CVE_STATUS[CVE-2024-53137] = "fixed-version: Fixed from version 6.12" @@ -11198,7 +11198,7 @@ CVE_STATUS[CVE-2025-21792] = "cpe-stable-backport: Backported in 6.12.16" CVE_STATUS[CVE-2025-21793] = "cpe-stable-backport: Backported in 6.12.16" -CVE_STATUS[CVE-2025-21794] = "fixed-version: Fixed from version 6.12.16" +CVE_STATUS[CVE-2025-21794] = "cpe-stable-backport: Backported in 6.12.16" CVE_STATUS[CVE-2025-21795] = "cpe-stable-backport: Backported in 6.12.16" @@ -11380,7 +11380,7 @@ CVE_STATUS[CVE-2025-21883] = "cpe-stable-backport: Backported in 6.12.18" CVE_STATUS[CVE-2025-21885] = "cpe-stable-backport: Backported in 6.12.18" -CVE_STATUS[CVE-2025-21886] = "fixed-version: Fixed from version 6.12.18" +CVE_STATUS[CVE-2025-21886] = "cpe-stable-backport: Backported in 6.12.18" CVE_STATUS[CVE-2025-21887] = "cpe-stable-backport: Backported in 6.12.18" @@ -11454,7 +11454,7 @@ CVE_STATUS[CVE-2025-21921] = "cpe-stable-backport: Backported in 6.12.19" CVE_STATUS[CVE-2025-21922] = "cpe-stable-backport: Backported in 6.12.19" -CVE_STATUS[CVE-2025-21923] = "fixed-version: Fixed from version 6.12.19" +CVE_STATUS[CVE-2025-21923] = "cpe-stable-backport: Backported in 6.12.19" CVE_STATUS[CVE-2025-21924] = "cpe-stable-backport: Backported in 6.12.19" @@ -11620,7 +11620,7 @@ CVE_STATUS[CVE-2025-22004] = "cpe-stable-backport: Backported in 6.12.21" CVE_STATUS[CVE-2025-22005] = "cpe-stable-backport: Backported in 6.12.21" -CVE_STATUS[CVE-2025-22006] = "fixed-version: Fixed from version 6.12.21" +CVE_STATUS[CVE-2025-22006] = "cpe-stable-backport: Backported in 6.12.21" CVE_STATUS[CVE-2025-22007] = "cpe-stable-backport: Backported in 6.12.21" From patchwork Wed Jul 2 03:11:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66067 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA16BC83F04 for ; Wed, 2 Jul 2025 03:12:40 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web11.15027.1751425956024567388 for ; Tue, 01 Jul 2025 20:12:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=hs13Ve1l; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-73972a54919so3813043b3a.3 for ; Tue, 01 Jul 2025 20:12:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425955; x=1752030755; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TUMZBNJR3atkrNpzC41juF7UfLgIrL2frcer7Lj/L5k=; b=hs13Ve1l69smpzTw8teklWc5ZQWgHonLR7CgUMWi4IvdwkISRs+d4NCfX1Dd+sMhTY D4Pugt4njCfjYn7lETkem+Kvz9E3aVr8N1O8MJSiYkduMTBB4j+BbVAbal53WdL3gkxT /yShV2Uz9zAL+gdc+S9bo0vdg88VJuTogH0KYaSNkdNUQD4YsMAm8ohX8fLc3g5mGXKJ Cso7l8DkILYc7ZaH7xjgNom4CAS5HAgWm7Yfpt/Oos3V2qAAXcgAb4L2qNM2G/QOHi+R YtbwWZ+XOWyBjzYTu1HHQWE0uoqKcQsbkl++cOnphKwqUGfNL33tpQXX7eCdMXZ8s+Tu kz8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425955; x=1752030755; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TUMZBNJR3atkrNpzC41juF7UfLgIrL2frcer7Lj/L5k=; b=u+lvQi8SxDzakCmdoTHEf9A0hQ/FnRvJiD46nFkkatGSuqX/hMairRCV/ajvtmMG2O GPL1gatl6pFYCvHLxSw+ctvD1uga8BGDaGafVDow5as7r6Yt8SaZOrVpWyx50vgaa18P BtiHb+1893c5nERhtekg4jE9nrXwhWD60oqs4P0B/jXiEdXfbQgjNzVoUAbGFNMoF9Mf u2QoieIa4iLKAYDlUQLMN8rLTdyMFN3nNVyAHudO9Kn1c3e253iGl/IwCkieBYzwS6p0 pwJ4ejI0hUhHgAvLfnFFHOskIdljAOe08QPPkoiXrKPEaWPBcPf6o7xlUsKkpatPGTad WnJA== X-Gm-Message-State: AOJu0YyDZN99OvIAepqBK99gfaue71SKWoVQmWN9u54JSxK9oRwQZNPe mh8bPpEcBjIi9gH//4de2o0K4IeVihzHer+5f4oh2SgQysVOIqQbiS1qJtmidnoy/DbDf4cVUcM UfFt7 X-Gm-Gg: ASbGncsIOrndzumuVp0vy/v8Ua6vLEjPBptBBw5u8ces7q2trsCrA6394A7BTiP9q2R MvlNm0IlN6egpctfdbu3zfT6PFLAjBtnpgDj9N3iCKKRZyhT3YknLdk8Jx/zGzhIQhtN7eL5yJM ftd8EDEACLeLJgc+pXyRJe5h/WxIjPlPXHgethN7nVdfFqZCCOPjxaY+Ky6uNVF0x3UzpUZgIIb auUykaAEn2WrJ9tJ8UvwpKZhTceQG20wG/ieHHa+QHF6OU/H2ercxH/IEvcPElF7fCfeBQ6l2p1 YjOQ2goxVD/310KhZUDbfMcNUHedvnMuD3kDnl7411CJ+NGl7u8SqA== X-Google-Smtp-Source: AGHT+IECMjnH6QhgV8cwP13VsFBT2k8min894R0OEZr3fBl4y6ByVTfPtnod2vDcOZCQc4iHU0zibw== X-Received: by 2002:a05:6a00:a04:b0:732:2923:b70f with SMTP id d2e1a72fcca58-74b50f29ff3mr1440804b3a.11.1751425955003; Tue, 01 Jul 2025 20:12:35 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:34 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 08/19] linux/cve-exclusion: do not shift first_affected Date: Tue, 1 Jul 2025 20:11:53 -0700 Message-ID: <1cbb0103bbf5f567ceeb01abb48869d29f74be1d.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219762 From: Peter Marko Stop shifting first_affected if backport is indicated. This does not have effect on generated list, but makes the logic cleaner as it will not shift it to "first affected on our branch" and also make it behave like in defaultStatus==affected case. Cc: daniel.turull@ericsson.com Signed-off-by: Peter Marko Signed-off-by: Richard Purdie (cherry picked from commit dc1ecb69389dd79354084757ba6b9af0781afcc0) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/generate-cve-exclusions.py | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 5c85c0db88..302ec8ebc9 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -69,7 +69,6 @@ def get_fixed_versions(cve_info, base_version): first_affected = v fixed = less_than if base_version < v and v < next_version: - first_affected = v fixed_backport = less_than return first_affected, fixed, fixed_backport From patchwork Wed Jul 2 03:11:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66070 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E8146C83F05 for ; Wed, 2 Jul 2025 03:12:40 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web10.15054.1751425959163514591 for ; Tue, 01 Jul 2025 20:12:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Kaq1cdtS; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-74ad4533ac5so6323547b3a.0 for ; Tue, 01 Jul 2025 20:12:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425958; x=1752030758; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PKhD6JgvSFwAnxX5NIAlddddtqT0gJFQZ4EtYKe3KMo=; b=Kaq1cdtSa2LBEgNKoSYPJuxFdHpCGcN1qwymRUlWcLvcLIEzF1HWW0NpMo8QUB/BSq LSArqaU2oSGK779YvYaXIww12/f+iFZcBiCin/pAv/Wntu0kBZYdRGrJBeQge8NAHmw8 6I3bMgNcum92PPMTWotGt3aKIokl3fCj1/LB/ILDPCfjli03NX2j73J+xLJrBOga4ykD y+N4wKGlyp0bEnRua+2lSf2MuRVyyT6YxMA0/z5dnTUc7CqahorbmnbrlSVVL8o9VIWg FVDtXA4UosjpPqyEZ/g4ER/nRgLNDj/UdiZHRQYWnd77pJ73aslCqGMDIKnwos0feCBd pNNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425958; x=1752030758; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PKhD6JgvSFwAnxX5NIAlddddtqT0gJFQZ4EtYKe3KMo=; b=oyGvQmExcqQyrtGlBc+YKtlZFv/qBvOS7jAUq6OeYmX094wIizxEJ+U2F1H/RShzdx xzRFWtE99jVOFCvXU0DS5P9/YQKVjX8y9+HyvD2RGhwkDKqudSFuuWs5q3tUfhG/epgi 5XgaXXp4z9rvDWqa6npmzqNNohlv5RiBjEAuv1TsX7A3JmpyfV5AXFBb/gGJZAb3kQ9o FqCqmirKdoy2C4QGkRAEVzvzxK0wu5wa/tljM3OpAZduz8Mgh075O9IgpYntM41kUrHX B2wksFio4Fi1LVPw1ED0Mt99rpZP63lTPuT/c0WpA2KjQyBzHW4KHsarP3q0pQDwHf/P UPGQ== X-Gm-Message-State: AOJu0YxorZsS/O/WrIT3UmJHhgF7K+Vgsd0gfQQSljGsgMSq9CrsHhQf Pq7IKa+h8JXIKEyymdG5DCijP8F6n1odtYyYydBLbjhzmkep4SPpQI2XAXTzSa+mq3OexAp0SL5 EztLr X-Gm-Gg: ASbGncsBMe1T2wNLT/i7NYwWBnfXGuayL0zdYC6NyVzwzE2ZFRG1FwCRytnmcLAMlcE okTn4Jea6QMmEII/WjIQSXWK8SUwyOLMkrmPUE+sfmqhMZDwObKf05L2hKFVwefOAA9fN9w7u75 wZOwfSZXkgNV0QJZSvV4MlzO3a/anm9qFNWlx6dPMDu+gnkUEhl6UWGb3c+iuwvvPOxp0yhK5MK Z/JwlYC71emPP8h8ukO2qtdGNWajoEay6c7MPpqU5domajNy12tajLmhgNzCkmRO/h0OS4eAz/Z cStEdBLcYD4G91jOaxy43GWp7iSbTG136nAxjYXB8gknpDKDLQWNWQ== X-Google-Smtp-Source: AGHT+IHm7wT4mcFdbsHWeZfsAX/LPqnvYLWfND4DQOCgxLFqJzWWSz8VDQFJnzR+ZFJq+cZm2jnogw== X-Received: by 2002:a05:6a20:12cb:b0:222:cac0:f079 with SMTP id adf61e73a8af0-222edc693a4mr1654671637.20.1751425957454; Tue, 01 Jul 2025 20:12:37 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:36 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 09/19] linux/cve-exclusion: Update exclusions after kernel update Date: Tue, 1 Jul 2025 20:11:54 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219763 From: Mathieu Dubois-Briand Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c695edcc33ecd5bc01b5fc91ce08a87475a9ace9) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 920 +++++++++++++++++- 1 file changed, 907 insertions(+), 13 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index 5249572cd4..656d1f6898 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-04-27 09:28:35.170900+00:00 for version 6.12.23 +# Generated at 2025-05-12 13:07:15.166162+00:00 for version 6.12.27 python check_kernel_cve_status_version() { - this_version = "6.12.23" + this_version = "6.12.27" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -48,6 +48,10 @@ CVE_STATUS[CVE-2020-36788] = "fixed-version: Fixed from version 5.15" CVE_STATUS[CVE-2020-36789] = "fixed-version: Fixed from version 5.10" +CVE_STATUS[CVE-2020-36790] = "fixed-version: Fixed from version 5.9" + +CVE_STATUS[CVE-2020-36791] = "fixed-version: Fixed from version 5.5.14" + # CVE-2021-28688 has no known resolution # CVE-2021-28691 has no known resolution @@ -1526,6 +1530,8 @@ CVE_STATUS[CVE-2021-4453] = "fixed-version: Fixed from version 5.16" CVE_STATUS[CVE-2021-4454] = "fixed-version: Fixed from version 6.2" +CVE_STATUS[CVE-2022-21546] = "fixed-version: Fixed from version 5.19" + # CVE-2022-26365 has no known resolution # CVE-2022-33740 has no known resolution @@ -2098,8 +2104,6 @@ CVE_STATUS[CVE-2022-48915] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48916] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48917] = "fixed-version: Fixed from version 5.16.13" - CVE_STATUS[CVE-2022-48918] = "fixed-version: Fixed from version 5.17" CVE_STATUS[CVE-2022-48919] = "fixed-version: Fixed from version 5.17" @@ -3740,6 +3744,342 @@ CVE_STATUS[CVE-2022-49760] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2022-49761] = "fixed-version: Fixed from version 6.2" +CVE_STATUS[CVE-2022-49762] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49763] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49764] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49765] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49766] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49767] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49768] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49769] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49770] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49771] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49772] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49773] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49774] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49775] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49776] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49777] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49778] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49779] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49780] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49781] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49782] = "fixed-version: Fixed from version 6.0.10" + +CVE_STATUS[CVE-2022-49783] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49784] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49785] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49786] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49787] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49788] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49789] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49790] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49791] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49792] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49793] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49794] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49795] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49796] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49797] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49798] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49799] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49800] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49801] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49802] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49803] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49804] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49805] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49806] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49807] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49808] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49809] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49810] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49811] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49812] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49813] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49814] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49815] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49817] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49818] = "fixed-version: Fixed from version 6.0.10" + +CVE_STATUS[CVE-2022-49819] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49820] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49821] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49822] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49823] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49824] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49825] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49826] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49827] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49828] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49829] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49830] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49831] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49832] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49833] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49834] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49835] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49836] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49837] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49838] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49839] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49840] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49841] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49842] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49844] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49845] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49846] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49847] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49848] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49849] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49850] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49851] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49852] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49853] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49854] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49855] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49857] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49858] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49859] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49860] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49861] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49862] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49863] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49864] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49865] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49866] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49867] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49868] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49869] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49870] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49871] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49872] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49873] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49874] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49875] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49876] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49877] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49878] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49879] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49880] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49881] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49882] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49883] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49884] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49885] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49886] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49887] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49888] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49889] = "fixed-version: Fixed from version 6.0.8" + +CVE_STATUS[CVE-2022-49890] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49891] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49892] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49893] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49894] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49895] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49896] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49898] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49899] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49900] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49901] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49902] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49903] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49904] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49905] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49906] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49907] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49908] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49909] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49910] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49911] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49912] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49913] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49914] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49915] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49916] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49917] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49918] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49919] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49920] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49921] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49922] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49923] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49924] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49925] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49926] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49927] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49928] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49929] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49930] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49931] = "fixed-version: Fixed from version 6.1" + +CVE_STATUS[CVE-2022-49932] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2022-49933] = "fixed-version: Fixed from version 6.3" + # CVE-2023-34319 has no known resolution # CVE-2023-34324 has no known resolution @@ -4734,6 +5074,216 @@ CVE_STATUS[CVE-2023-53033] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53034] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2023-53035] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53036] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53037] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53038] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53039] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53040] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53041] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53042] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53043] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53044] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53045] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53046] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53047] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53048] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53049] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53050] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53051] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53052] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53053] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53054] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53055] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53056] = "fixed-version: Fixed from version 6.2.9" + +CVE_STATUS[CVE-2023-53057] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53058] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53059] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53060] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53061] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53062] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53064] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53065] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53066] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53067] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53068] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53069] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53070] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53071] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53072] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53073] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53074] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53075] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53077] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53078] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53079] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53080] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53081] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53082] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53083] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53084] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53085] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53086] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53087] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53088] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53089] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53090] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53091] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53092] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53093] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53094] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53095] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53096] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53097] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53098] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53099] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53100] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53101] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53102] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53103] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53105] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53106] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53107] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53108] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53109] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53110] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53111] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53112] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53113] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53114] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53115] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53116] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53117] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53118] = "fixed-version: Fixed from version 6.2.8" + +CVE_STATUS[CVE-2023-53119] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53120] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53121] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53123] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53124] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53125] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53126] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53127] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53128] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53131] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53132] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53133] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53134] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53135] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53136] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53137] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53138] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53139] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53140] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53141] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53142] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53143] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53144] = "fixed-version: Fixed from version 6.3" + +CVE_STATUS[CVE-2023-53145] = "fixed-version: Fixed from version 6.3" + CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8" @@ -6826,8 +7376,6 @@ CVE_STATUS[CVE-2024-39499] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-39500] = "fixed-version: Fixed from version 6.10" -CVE_STATUS[CVE-2024-39501] = "fixed-version: Fixed from version 6.10" - CVE_STATUS[CVE-2024-39502] = "fixed-version: Fixed from version 6.10" CVE_STATUS[CVE-2024-39503] = "fixed-version: Fixed from version 6.10" @@ -8974,8 +9522,6 @@ CVE_STATUS[CVE-2024-50014] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50015] = "fixed-version: Fixed from version 6.12" -CVE_STATUS[CVE-2024-50016] = "fixed-version: Fixed from version 6.12" - CVE_STATUS[CVE-2024-50017] = "fixed-version: Fixed from version 6.12" CVE_STATUS[CVE-2024-50019] = "fixed-version: Fixed from version 6.12" @@ -10878,6 +11424,14 @@ CVE_STATUS[CVE-2024-58092] = "cpe-stable-backport: Backported in 6.12.22" # CVE-2024-58097 needs backporting (fixed from 6.15rc1) +CVE_STATUS[CVE-2024-58098] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2024-58099] = "fixed-version: Fixed from version 6.12" + +CVE_STATUS[CVE-2024-58100] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2024-58237] = "cpe-stable-backport: Backported in 6.12.9" + CVE_STATUS[CVE-2025-21629] = "cpe-stable-backport: Backported in 6.12.9" CVE_STATUS[CVE-2025-21631] = "cpe-stable-backport: Backported in 6.12.10" @@ -11660,14 +12214,12 @@ CVE_STATUS[CVE-2025-22024] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22025] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-22026 needs backporting (fixed from 6.12.24) +CVE_STATUS[CVE-2025-22026] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-22027] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22029] = "cpe-stable-backport: Backported in 6.12.23" - CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards" @@ -11860,7 +12412,7 @@ CVE_STATUS[CVE-2025-22120] = "fixed-version: only affects 6.13 onwards" # CVE-2025-22125 needs backporting (fixed from 6.15rc1) -# CVE-2025-22126 needs backporting (fixed from 6.12.25) +CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.12.25" # CVE-2025-22127 needs backporting (fixed from 6.15rc1) @@ -11886,12 +12438,354 @@ CVE_STATUS[CVE-2025-23136] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-23138] = "cpe-stable-backport: Backported in 6.12.23" +CVE_STATUS[CVE-2025-23140] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-23141] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23142] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23143] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23144] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23145] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23146] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23147] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23148] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23149] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23150] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23151] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23152] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-23153] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-23154] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-23155 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-23156] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23157] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23158] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23159] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23160] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23161] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23162] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-23163] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37738] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37739] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37740] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37741] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37742] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-37743 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-37744] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37745] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-37746 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-37747] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37748] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37749] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37750] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37752] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards" + +CVE_STATUS[CVE-2025-37754] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37755] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37756] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37757] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37758] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37759] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37761] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37762] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37763] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37764] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37765] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37766] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37767] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37768] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37769] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37770] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37771] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37772] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37773] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37774] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37775] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37776] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37777] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37778] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37779] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37780] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37781] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37784] = "fixed-version: only affects 6.13 onwards" + CVE_STATUS[CVE-2025-37785] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-37838 needs backporting (fixed from 6.12.24) +CVE_STATUS[CVE-2025-37786] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37787] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37788] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37789] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37790] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37791] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37792] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37793] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37794] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37796] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37797] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37798] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37799] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37800] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37801] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37802] = "cpe-stable-backport: Backported in 6.12.26" + +# CVE-2025-37803 needs backporting (fixed from 6.15rc2) + +CVE_STATUS[CVE-2025-37804] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37805] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37806] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37807] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37808] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37809] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37810] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37811] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37813] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37815] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37816] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37817] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37818] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26" + +# CVE-2025-37821 needs backporting (fixed from 6.15rc4) + +CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37823] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37824] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37825] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37826] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37827] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37828] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37829] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37830] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37831] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37832] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37833] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37834] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37836] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37837] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37838] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37839] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37840] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37841] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-37842 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37846] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37847] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37848] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37849] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37850] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37851] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37852] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37853] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37854] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-37855 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-37856] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37857] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37858] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37859] = "cpe-stable-backport: Backported in 6.12.24" # CVE-2025-37860 needs backporting (fixed from 6.15rc1) +CVE_STATUS[CVE-2025-37861] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37862] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37863] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37864] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37865] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37866] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37869] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37870] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37871] = "fixed-version: only affects 6.15rc1 onwards" + +CVE_STATUS[CVE-2025-37872] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37873] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37874] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37875] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37876] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37877] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37878] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37879] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37880] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37881] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37882] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37883] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37884] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37885] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37886] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37887] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20" + CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23" # CVE-2025-37925 needs backporting (fixed from 6.15rc1) From patchwork Wed Jul 2 03:11:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66068 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E823CC83F07 for ; Wed, 2 Jul 2025 03:12:40 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.15028.1751425959743602126 for ; Tue, 01 Jul 2025 20:12:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Vp04r5h6; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-748e63d4b05so2625000b3a.2 for ; Tue, 01 Jul 2025 20:12:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425959; x=1752030759; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nhJo1FnU+O7zeTMkCOhnleY30045WzmsQ7UCybBeGsY=; b=Vp04r5h6XRoqToHDN6sGGRN1aVMZUntsd0q+2g/Ji4uJCF65y8vKPle+2ViSA/iG1p tXG4QvOKbWZzt+xhVv11K8sqTRe4ZJxyU26wIuVVj0AAwyKBhqJHDzv17h8+CMKTJBfI frsmiw6a6UZjQNJxZkcLXGpio0RxVEhMc5s4m03PucE1GX0qqRBP29EqQxN18TWsDU3F Ky9mToSaOXraqULlnWh7CYAU5k5vYrR0KKLDRZnkaIACfFBzWPbEG7/VLGQdxVGF1ING KKmST/inVr/vUAmpARnVa+0uzX1sHx7tqOxhecilnfzfUgRm7JVEg+3ksexQAICTyTRo mkDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425959; x=1752030759; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nhJo1FnU+O7zeTMkCOhnleY30045WzmsQ7UCybBeGsY=; b=k5sLj9cTkztA/UXZCUBR+7y1+hlm1dzIvlrBDEjJL1CIHsIx3KlZvopRI92M+aGRJn vuw/roROPXUjJBElS5jIu1wh6mHCrUXKWl+QQyJbeeWcY7KikSHjJliQBoePwfJQ9NNU ILod3czl4mDh0vDG0nLLs62XB5SURqhDR6o8seeayAn6K9YvbyAuSgJMIgZfeE8K7ko4 ZbfplnQLHnsVYb8acz27nIhfM3RT0nqZfKLUK2i+5oO2NzT/dM28V0OABSnNtkONMjcM MCnVAIJHNvqrSDKFMnLAqxSdXSCksoOGlUcWTLxMgMVC68kMHfPyRoAKncVFi5xEYvFu J6CQ== X-Gm-Message-State: AOJu0Yz+pafDxf32sgWqPweZ2GrvAfjztUQhMfDCZgMP35o/iJdCZbTS qiFipZ2/9UEP4VY1xFBRvJ0gZjXq20pcnqoAi3lwM//6pCEME6McQnHoBAtJmba4DBG+Yn7GZS/ 6Zypi X-Gm-Gg: ASbGncsYqiNccG/TUxWnPrihfpZb6KiIjQPqdTMEGSl6iDweNb4G1WHHIRL0a1Waxc7 9YXRxmyIwa9ihn2Fru4LkDVkKsdXGHyQPRuaEbzYEKDPvomFzOaTrqme5UHS+1Pl4k7KKL/OJF0 MxKL+IEhXpmlXWb3woWGZV7V6UCs2U7p041HfRgHfW1jp7g+7p5jV8HdkXnW4LXMbHsu5OUBRRc GZrmuK8LkyXbVIP89H0Ce6KZ9odjmJS8eIsdxt5+wK9dE60/JqDC0eB8ydz8xCRWJDdj9fv5mGD 1/v6CaTqTbZMsomKTBehWURoLZrj8ZGxK0Sob2J5NgE4+3uGWZWoBQ== X-Google-Smtp-Source: AGHT+IHB9aSm3hYOvMQkPKL7nfRKcgTen5XUe028IponS46Ywv7zxATDHGEO/33lSg1inQDCHa2aIw== X-Received: by 2002:a05:6a00:3cd6:b0:742:ae7e:7da8 with SMTP id d2e1a72fcca58-74b510402e8mr1899603b3a.8.1751425958938; Tue, 01 Jul 2025 20:12:38 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:38 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 10/19] linux: add CVE_STATUS for a chrome* bug Date: Tue, 1 Jul 2025 20:11:55 -0700 Message-ID: <8c39f6fa4454147e22d5e386046ed9b1076d7a95.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:40 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219764 From: Randy MacLeod This is not a linux-yocto CVE yet it shows up in the reports as: linux-yocto-custom CVE-2023-3079 0.0 8.8 Unpatched https://nvd.nist.gov/vuln/detail/CVE-2023-3079 For reference, the CPE says: Affects cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* So affects all Linux systems, Running on/with cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* [ YOCTO #15780 ] Signed-off-by: Randy MacLeod Signed-off-by: Mathieu Dubois-Briand (cherry picked from commit 22ef4d2d116afb9d603a05fb107dd9da0e74558b) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/cve-exclusion.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc index f1b7db44b6..80c76433ef 100644 --- a/meta/recipes-kernel/linux/cve-exclusion.inc +++ b/meta/recipes-kernel/linux/cve-exclusion.inc @@ -133,6 +133,8 @@ CVE_STATUS[CVE-2023-1076] = "fixed-version: Fixed from version 6.3rc1" CVE_STATUS[CVE-2023-2898] = "fixed-version: Fixed from version 6.5rc1" +CVE_STATUS[CVE-2023-3079] = "not-applicable-config: Issue only affects chromium, which is not in linux-yocto" + CVE_STATUS[CVE-2023-3772] = "fixed-version: Fixed from version 6.5rc7" CVE_STATUS[CVE-2023-3773] = "fixed-version: Fixed from version 6.5rc7" From patchwork Wed Jul 2 03:11:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66074 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7DB6C83038 for ; Wed, 2 Jul 2025 03:12:50 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web10.15055.1751425961899883086 for ; Tue, 01 Jul 2025 20:12:42 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=nftfYNWH; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-748fe69a7baso6126929b3a.3 for ; Tue, 01 Jul 2025 20:12:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425961; x=1752030761; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OrlNXcj1CrZTvQoG5AOH3EoUM8w7oVQkkviuzensSmc=; b=nftfYNWHHZ2GEIdGlivlYwt6PYPryvo8Dh7k4RZzLSehQyizcJkm6dD4AF8mRbX12b smWBmF35DLoGJdM+fJHije6V0k7ygBfWOOfZCHm7USoCnBKuOrceT+V42Ja2Iu1hWN1U ZZ1D92ZpiHNP2+7cjBWeFzTakzpoQcKuOrZZA8PRSq5r3VK38d76TlFIf9LmKZvFznb2 naLx50KK1pHHZMCEyFHlO4jVqQJmOYo+az6oxFoXmBIrbo1U53ib1w4UNmN7HorUSoJy KxWda7fBkPeA0OKLcpUALz4lz75iLAKhwve6Yt92O0D0vC7dMBCtmfDF2cvJeLHcgayM L6tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425961; x=1752030761; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OrlNXcj1CrZTvQoG5AOH3EoUM8w7oVQkkviuzensSmc=; b=vQ9625CipCcl8reY0MYNjIHJ1CHdYflD/q475gr4ol8lbQQfbqME1wNL9iO6k0pPKH 2epEqtDdUPmR8T0mpPIZH4knEw1mCnp+qpQWr2U/pF5vNAnjAW+cvJehCZvQOpfd+iiT /VxtSIgkc7Pjcbo47fs0NrTEkDBibp1yrTapEqwpOMRXVVPeXTUgqMUwkceYB9dRrPZJ 0a8dIIi1jz7LDPEjKnb5vTsBWowawvPNRFmEdSe5tBCt848qrs3L6jPCvqt/fJ22LdS/ CzsJXnTcnvVJ+jKGQesoP1TDXofA6HO8ZYfiINZuPJo4C9z4HIvKia4DDHtfuZd9S0qj 87Qw== X-Gm-Message-State: AOJu0YzNsw/t0O8JU4Uf1gwCJ9xqSqMF1ugHXBT2q83jG9qdS4KHauHw k5ks5F2XSZ3lMpEMYuwiTU736JYhspUMtM4s9eu6Nq6C9tY04+JPjOxvzgEjipJIRvO4JSI7uTQ +YqRW X-Gm-Gg: ASbGncuv4CqlBhpafhyAG1UJXLwLOc0fQfuYQrWZQBcT9G1nCOi2pyS8wDJj7an73JY GbO7OLAIIt2XGYgnAEadCWnnQp6Bx2g5oA2l5H4gsO6sbKuQE0D/xyZJ1oLS7FTu2c88kO54LiX ewbeLXymMXoA3R8KPzVjZIMrqDGJudy7esugxNGWF57Q7NJNWXgeWgpcmMyDc+xXkgXiI0pI6g+ Alf6LBOjg0DL39ZcravEvh6tb9GR14wuGR1Ps0dozTSBsI4+d1goX1SX6BjwpwxxHGfifVtbOo6 tliLLwaOZNtS7tV4jzyTzIVvITaYx7nrwHI/nyvEJ8R2nLMECJkOEw== X-Google-Smtp-Source: AGHT+IGfsvtpU/t2sxOj+K7MpoNdwDqgLxOTZCaO0NMYIcu/Xr1E3lLciGM1lMKW/CFv7PJLRvtNOQ== X-Received: by 2002:a05:6a20:6a0a:b0:1f5:717b:46dc with SMTP id adf61e73a8af0-222d7e8389amr2570830637.27.1751425960961; Tue, 01 Jul 2025 20:12:40 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:40 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 11/19] cve-exclusion_6.12.inc: Update using current cvelistV5 Date: Tue, 1 Jul 2025 20:11:56 -0700 Message-ID: <131b9ee79e4377c0a5ca1ba09d1ecd313548af00.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219765 From: Niko Mauno Regenerated with ./generate-cve-exclusions.py ~/cvelistV5/ 6.12.27 > cve-exclusion_6.12.inc With ~/cvelistV5/ containing clone from https://github.com/CVEProject/cvelistV5.git repository main branch at git hash b20d0043711588b6409ae3118bc0510ab888c316. Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie (cherry picked from commit 0df05f0bf82fdffb14c4243d07ace22b2d7e4c79) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 226 ++++++++++++++++-- 1 file changed, 208 insertions(+), 18 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index 656d1f6898..49d8bfcf0c 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-12 13:07:15.166162+00:00 for version 6.12.27 +# Generated at 2025-05-24 07:35:37.850677+00:00 for version 6.12.27 python check_kernel_cve_status_version() { this_version = "6.12.27" @@ -1956,7 +1956,7 @@ CVE_STATUS[CVE-2022-48840] = "fixed-version: Fixed from version 5.16.17" CVE_STATUS[CVE-2022-48841] = "fixed-version: Fixed from version 5.17" -CVE_STATUS[CVE-2022-48842] = "fixed-version: Fixed from version 5.17" +CVE_STATUS[CVE-2022-48842] = "fixed-version: Fixed from version 5.16.16" CVE_STATUS[CVE-2022-48843] = "fixed-version: Fixed from version 5.17" @@ -2358,8 +2358,6 @@ CVE_STATUS[CVE-2022-49054] = "fixed-version: Fixed from version 5.18" CVE_STATUS[CVE-2022-49055] = "fixed-version: Fixed from version 5.18" -CVE_STATUS[CVE-2022-49056] = "fixed-version: Fixed from version 5.17.4" - CVE_STATUS[CVE-2022-49057] = "fixed-version: Fixed from version 5.18" CVE_STATUS[CVE-2022-49058] = "fixed-version: Fixed from version 5.18" @@ -4078,8 +4076,6 @@ CVE_STATUS[CVE-2022-49931] = "fixed-version: Fixed from version 6.1" CVE_STATUS[CVE-2022-49932] = "fixed-version: Fixed from version 6.3" -CVE_STATUS[CVE-2022-49933] = "fixed-version: Fixed from version 6.3" - # CVE-2023-34319 has no known resolution # CVE-2023-34324 has no known resolution @@ -4564,7 +4560,7 @@ CVE_STATUS[CVE-2023-52731] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-52732] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-52733] = "fixed-version: Fixed from version 6.2" +# CVE-2023-52733 has no known resolution CVE_STATUS[CVE-2023-52735] = "fixed-version: Fixed from version 6.2" @@ -5284,6 +5280,8 @@ CVE_STATUS[CVE-2023-53144] = "fixed-version: Fixed from version 6.3" CVE_STATUS[CVE-2023-53145] = "fixed-version: Fixed from version 6.3" +CVE_STATUS[CVE-2023-53146] = "fixed-version: Fixed from version 6.6" + CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8" CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8" @@ -11438,8 +11436,6 @@ CVE_STATUS[CVE-2025-21631] = "cpe-stable-backport: Backported in 6.12.10" CVE_STATUS[CVE-2025-21632] = "cpe-stable-backport: Backported in 6.12.10" -CVE_STATUS[CVE-2025-21633] = "cpe-stable-backport: Backported in 6.12.10" - CVE_STATUS[CVE-2025-21634] = "cpe-stable-backport: Backported in 6.12.10" CVE_STATUS[CVE-2025-21635] = "cpe-stable-backport: Backported in 6.12.10" @@ -11544,8 +11540,6 @@ CVE_STATUS[CVE-2025-21684] = "cpe-stable-backport: Backported in 6.12.11" CVE_STATUS[CVE-2025-21685] = "cpe-stable-backport: Backported in 6.12.11" -CVE_STATUS[CVE-2025-21686] = "cpe-stable-backport: Backported in 6.12.12" - CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12" CVE_STATUS[CVE-2025-21688] = "fixed-version: only affects 6.13 onwards" @@ -11836,8 +11830,6 @@ CVE_STATUS[CVE-2025-21835] = "cpe-stable-backport: Backported in 6.12.16" CVE_STATUS[CVE-2025-21836] = "cpe-stable-backport: Backported in 6.12.16" -# CVE-2025-21837 needs backporting (fixed from 6.14) - CVE_STATUS[CVE-2025-21838] = "cpe-stable-backport: Backported in 6.12.16" CVE_STATUS[CVE-2025-21839] = "cpe-stable-backport: Backported in 6.12.16" @@ -12364,7 +12356,7 @@ CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards" # CVE-2025-22101 needs backporting (fixed from 6.15rc1) -# CVE-2025-22102 needs backporting (fixed from 6.15rc1) +# CVE-2025-22102 needs backporting (fixed from 6.12.30) # CVE-2025-22103 needs backporting (fixed from 6.15rc1) @@ -12616,8 +12608,6 @@ CVE_STATUS[CVE-2025-37802] = "cpe-stable-backport: Backported in 6.12.26" # CVE-2025-37803 needs backporting (fixed from 6.15rc2) -CVE_STATUS[CVE-2025-37804] = "cpe-stable-backport: Backported in 6.12.26" - CVE_STATUS[CVE-2025-37805] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37806] = "cpe-stable-backport: Backported in 6.12.26" @@ -12650,7 +12640,7 @@ CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37821 needs backporting (fixed from 6.15rc4) +# CVE-2025-37821 needs backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26" @@ -12766,7 +12756,7 @@ CVE_STATUS[CVE-2025-37878] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37879] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37880] = "cpe-stable-backport: Backported in 6.12.26" +# CVE-2025-37880 needs backporting (fixed from 6.15rc1) CVE_STATUS[CVE-2025-37881] = "cpe-stable-backport: Backported in 6.12.26" @@ -12786,10 +12776,210 @@ CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20" +# CVE-2025-37890 needs backporting (fixed from 6.12.28) + +# CVE-2025-37891 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24" + CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23" +# CVE-2025-37894 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" + +# CVE-2025-37897 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-37899 needs backporting (fixed from 6.12.28) + +# CVE-2025-37900 needs backporting (fixed from 6.12.28) + +# CVE-2025-37901 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards" + +# CVE-2025-37903 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-37905 needs backporting (fixed from 6.12.28) + +# CVE-2025-37906 needs backporting (fixed from 6.15rc4) + +# CVE-2025-37907 needs backporting (fixed from 6.12.28) + +# CVE-2025-37908 needs backporting (fixed from 6.12.28) + +# CVE-2025-37909 needs backporting (fixed from 6.12.28) + +# CVE-2025-37910 needs backporting (fixed from 6.12.28) + +# CVE-2025-37911 needs backporting (fixed from 6.12.28) + +# CVE-2025-37912 needs backporting (fixed from 6.12.28) + +# CVE-2025-37913 needs backporting (fixed from 6.12.28) + +# CVE-2025-37914 needs backporting (fixed from 6.12.28) + +# CVE-2025-37915 needs backporting (fixed from 6.12.28) + +# CVE-2025-37916 needs backporting (fixed from 6.12.28) + +# CVE-2025-37917 needs backporting (fixed from 6.12.28) + +# CVE-2025-37918 needs backporting (fixed from 6.12.28) + +# CVE-2025-37919 needs backporting (fixed from 6.12.28) + +# CVE-2025-37920 needs backporting (fixed from 6.12.28) + +# CVE-2025-37921 needs backporting (fixed from 6.12.28) + +# CVE-2025-37922 needs backporting (fixed from 6.12.28) + +# CVE-2025-37923 needs backporting (fixed from 6.12.28) + +# CVE-2025-37924 needs backporting (fixed from 6.12.28) + # CVE-2025-37925 needs backporting (fixed from 6.15rc1) +# CVE-2025-37926 needs backporting (fixed from 6.12.28) + +# CVE-2025-37927 needs backporting (fixed from 6.12.28) + +# CVE-2025-37928 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.15rc1 onwards" + +# CVE-2025-37930 needs backporting (fixed from 6.12.28) + +# CVE-2025-37931 needs backporting (fixed from 6.12.28) + +# CVE-2025-37932 needs backporting (fixed from 6.12.28) + +# CVE-2025-37933 needs backporting (fixed from 6.12.28) + +# CVE-2025-37934 needs backporting (fixed from 6.12.28) + +# CVE-2025-37935 needs backporting (fixed from 6.12.28) + +# CVE-2025-37936 needs backporting (fixed from 6.12.28) + +CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23" + +CVE_STATUS[CVE-2025-37938] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37939] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37940] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37941] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37942] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37943] = "cpe-stable-backport: Backported in 6.12.24" + +CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24" + +# CVE-2025-37946 needs backporting (fixed from 6.12.29) + +# CVE-2025-37947 needs backporting (fixed from 6.12.29) + +# CVE-2025-37948 needs backporting (fixed from 6.12.29) + +# CVE-2025-37949 needs backporting (fixed from 6.12.29) + +CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards" + +# CVE-2025-37951 needs backporting (fixed from 6.12.29) + +# CVE-2025-37952 needs backporting (fixed from 6.12.29) + +CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards" + +# CVE-2025-37954 needs backporting (fixed from 6.12.29) + +# CVE-2025-37955 needs backporting (fixed from 6.12.29) + +# CVE-2025-37956 needs backporting (fixed from 6.12.29) + +# CVE-2025-37957 needs backporting (fixed from 6.12.29) + +# CVE-2025-37958 needs backporting (fixed from 6.12.29) + +# CVE-2025-37959 needs backporting (fixed from 6.12.29) + +# CVE-2025-37960 needs backporting (fixed from 6.12.29) + +# CVE-2025-37961 needs backporting (fixed from 6.12.29) + +CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.15rc1 onwards" + +# CVE-2025-37963 needs backporting (fixed from 6.12.29) + +CVE_STATUS[CVE-2025-37964] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37965] = "fixed-version: only affects 6.15rc2 onwards" + +CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" + +# CVE-2025-37967 needs backporting (fixed from 6.12.30) + +# CVE-2025-37968 needs backporting (fixed from 6.12.30) + +# CVE-2025-37969 needs backporting (fixed from 6.12.29) + +# CVE-2025-37970 needs backporting (fixed from 6.12.29) + +# CVE-2025-37971 needs backporting (fixed from 6.12.29) + +# CVE-2025-37972 needs backporting (fixed from 6.12.29) + +# CVE-2025-37973 needs backporting (fixed from 6.12.29) + +CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25" + +# CVE-2025-37976 has no known resolution + +CVE_STATUS[CVE-2025-37977] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37978] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37979] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37980] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37981] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37982] = "cpe-stable-backport: Backported in 6.12.25" + +CVE_STATUS[CVE-2025-37983] = "cpe-stable-backport: Backported in 6.12.26" + +# CVE-2025-37984 needs backporting (fixed from 6.15rc1) + +CVE_STATUS[CVE-2025-37985] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37986] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37987] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26" + +CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26" + +# CVE-2025-37990 needs backporting (fixed from 6.12.28) + +# CVE-2025-37991 needs backporting (fixed from 6.12.28) + CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23" # CVE-2025-38104 needs backporting (fixed from 6.15rc1) From patchwork Wed Jul 2 03:11:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66071 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECE24C83F03 for ; Wed, 2 Jul 2025 03:12:50 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.15030.1751425964217363150 for ; Tue, 01 Jul 2025 20:12:44 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=sv9XXIUI; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-748f5a4a423so2488130b3a.1 for ; Tue, 01 Jul 2025 20:12:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425963; x=1752030763; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ey/lA1EqT6Ivs56Gmt5QrxBGsk5pLpxzUsCx7m1ZnCk=; b=sv9XXIUIICoyhSGwA/k9qH0UUo/lAlVk0VnLO9+hnXalChz+Bzc3vD8rCJ6WF8hTzo 9srJiMvBceq9toUeUhossHZ7fbZq5dCL4HW7YXvbvIbpqruEJMxO9leQcmjMhMc5pOPZ B7lMrRcCC5/IDXIe8dxBVoLllLsuX1sQXz8EIDsh9+HF8bKee/WOuSViJK6Uq8uJTAs2 w63q6fCeYo3m2IeEvYuHk1Q/pFdJy/SSzNFxXsWbpXIfYfMDIRVPp2JDDZFgRrJ7TgR4 takClYkPvpFbaqhMT8S/Fy0oePXIuF+AhQ14fIgCZnR1bgBshk3G5v+DI/YhWURns2EO 4qOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425963; x=1752030763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ey/lA1EqT6Ivs56Gmt5QrxBGsk5pLpxzUsCx7m1ZnCk=; b=PoE0Z8NfHNG5ZKXIKH3zWYYGSytb+iupw+AB6/A2spj8+mHo3ftJSz4bfOxPQmjYfa 9sK4Gur/oJKaW9EC0E7ktDRsP+U1kIIP1OyCVG341W//sEGDWStzfCvHHIzTXpG3owe+ RXuc/wpMbTDUvuCENBh9Q+ecLPro8f0TLlINybYM3EQWH+Wss0yTqXTP1ypq9qRxN2Iw L2fr2dUeGgjvyXZrM9+bK6gEgnaSQ5hrLNG6Oa0yE1Jh8YoyDQO1bztT+AA5Ohzq/wcA r3aLCSdCeq0uBLPNdV82anXRf+urANnkkv8k8Z5XCxfXo0jqn2w0urhYJRUUlG6LwgCa R4cw== X-Gm-Message-State: AOJu0YyPm68MnOIgClTv9xUze+Wx6T5FUsWL8b03jZilZ9fhz7NZs7UZ DCH8UjwVdSyICKpT4758l+eNjwwJG2cmhvY/u9nMaIYNlfR4yMvzG7Pxw/boMIY7MmCk0z3sqgc gHUOv X-Gm-Gg: ASbGncv9YUm5D1rhNWPCan8KCN2PmjxiPykmH0yVtLSeGEnBsDY+88KRgklgKMzZi5m 9PAHKAJZSs6eKA5SmnCPA3lYYfTMCWzj5MEFuvGVnZYH+1n3Nt9q0wtQ5GYcekVMxT8xU3zCl75 T1hJnPQYcA8gLrKyTZBAaRskQ3kmV4esuCi3SOYlgVdFlU0Kk9Mv97CaxkQoXP2gdKMgumOxyWC lSKCbc9vdGqeRrp3slInNqtzMF6e8xEiMkYYTFwM1muQpCFrJScQgj3QTf8zp2utwUeudPYwCCa 3JwVJ4cK9j8b/uD+eFeVkn4LAuBhWP63BxgpVSmhLK0KC0i+uD8YUkjidLvJgTVs X-Google-Smtp-Source: AGHT+IE4SIYTrjU3usgkghbJmSjoQnPnI/h/Nb5HHGXveAbtdFIkwhf+qYRn0MBrXJJIo51+mEL0HQ== X-Received: by 2002:a05:6a00:3c94:b0:740:aa31:fe66 with SMTP id d2e1a72fcca58-74b50ff6458mr2042176b3a.4.1751425962483; Tue, 01 Jul 2025 20:12:42 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:42 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 12/19] linux: cve-exclusions: Fix false negatives Date: Tue, 1 Jul 2025 20:11:57 -0700 Message-ID: <562f5def8b16ddf23d841ce01419879b7a3aeb2b.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:50 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219766 From: Niko Mauno Amend the generate-cve-exclusions.py checking logic in part of the code responsible for iterating the "affected" defaultStatus part of the JSON structure in order to mitigate occurrences of false negatives in the generated output, as well as occurrences of wrong reason for negative result in case where the reason is actually that the checked kernel version is in backport fix scope. In tandem we regenerate the content of cve-exclusion_6.12.inc using https://github.com/CVEProject/cvelistV5.git repository main branch at git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content in sync with the script. Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie (cherry picked from commit b1a5939535d67b9c0e6d8c2729cff9749a0ebaae) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 70 +++++++++---------- .../linux/generate-cve-exclusions.py | 4 +- 2 files changed, 38 insertions(+), 36 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index 49d8bfcf0c..c03ad19a3d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-24 07:35:37.850677+00:00 for version 6.12.27 +# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27 python check_kernel_cve_status_version() { this_version = "6.12.27" @@ -11234,7 +11234,7 @@ CVE_STATUS[CVE-2024-57975] = "cpe-stable-backport: Backported in 6.12.13" CVE_STATUS[CVE-2024-57977] = "cpe-stable-backport: Backported in 6.12.13" -CVE_STATUS[CVE-2024-57978] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2024-57978] = "cpe-stable-backport: Backported in 6.12.13" CVE_STATUS[CVE-2024-57979] = "cpe-stable-backport: Backported in 6.12.13" @@ -11296,7 +11296,7 @@ CVE_STATUS[CVE-2024-58007] = "cpe-stable-backport: Backported in 6.12.14" CVE_STATUS[CVE-2024-58008] = "cpe-stable-backport: Backported in 6.12.14" -CVE_STATUS[CVE-2024-58009] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2024-58009] = "cpe-stable-backport: Backported in 6.12.14" CVE_STATUS[CVE-2024-58010] = "cpe-stable-backport: Backported in 6.12.14" @@ -11542,7 +11542,7 @@ CVE_STATUS[CVE-2025-21685] = "cpe-stable-backport: Backported in 6.12.11" CVE_STATUS[CVE-2025-21687] = "cpe-stable-backport: Backported in 6.12.12" -CVE_STATUS[CVE-2025-21688] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21688] = "cpe-stable-backport: Backported in 6.12.12" CVE_STATUS[CVE-2025-21689] = "cpe-stable-backport: Backported in 6.12.12" @@ -11570,7 +11570,7 @@ CVE_STATUS[CVE-2025-21701] = "cpe-stable-backport: Backported in 6.12.13" CVE_STATUS[CVE-2025-21702] = "cpe-stable-backport: Backported in 6.12.14" -CVE_STATUS[CVE-2025-21703] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21703] = "cpe-stable-backport: Backported in 6.12.14" CVE_STATUS[CVE-2025-21704] = "cpe-stable-backport: Backported in 6.12.16" @@ -11784,7 +11784,7 @@ CVE_STATUS[CVE-2025-21811] = "cpe-stable-backport: Backported in 6.12.13" CVE_STATUS[CVE-2025-21812] = "cpe-stable-backport: Backported in 6.12.13" -CVE_STATUS[CVE-2025-21813] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21813] = "cpe-stable-backport: Backported in 6.12.14" CVE_STATUS[CVE-2025-21814] = "cpe-stable-backport: Backported in 6.12.14" @@ -11794,7 +11794,7 @@ CVE_STATUS[CVE-2025-21816] = "cpe-stable-backport: Backported in 6.12.14" # CVE-2025-21817 needs backporting (fixed from 6.14) -CVE_STATUS[CVE-2025-21819] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21819] = "cpe-stable-backport: Backported in 6.12.14" CVE_STATUS[CVE-2025-21820] = "cpe-stable-backport: Backported in 6.12.14" @@ -11884,7 +11884,7 @@ CVE_STATUS[CVE-2025-21863] = "cpe-stable-backport: Backported in 6.12.17" CVE_STATUS[CVE-2025-21864] = "cpe-stable-backport: Backported in 6.12.17" -CVE_STATUS[CVE-2025-21865] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21865] = "cpe-stable-backport: Backported in 6.12.17" CVE_STATUS[CVE-2025-21866] = "cpe-stable-backport: Backported in 6.12.17" @@ -11958,7 +11958,7 @@ CVE_STATUS[CVE-2025-21900] = "cpe-stable-backport: Backported in 6.12.18" CVE_STATUS[CVE-2025-21901] = "cpe-stable-backport: Backported in 6.12.18" -CVE_STATUS[CVE-2025-21902] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-21902] = "cpe-stable-backport: Backported in 6.12.19" CVE_STATUS[CVE-2025-21903] = "cpe-stable-backport: Backported in 6.12.19" @@ -12212,11 +12212,11 @@ CVE_STATUS[CVE-2025-22027] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22028] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22030] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-22030] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22031] = "fixed-version: only affects 6.13 onwards" -CVE_STATUS[CVE-2025-22032] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-22032] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22033] = "cpe-stable-backport: Backported in 6.12.23" @@ -12246,9 +12246,9 @@ CVE_STATUS[CVE-2025-22045] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22046] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22047] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-22047] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22048] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-22048] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22049] = "cpe-stable-backport: Backported in 6.12.23" @@ -12300,13 +12300,13 @@ CVE_STATUS[CVE-2025-22072] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22073] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22074] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-22074] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22075] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22076] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-22077] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-22077] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-22078] = "cpe-stable-backport: Backported in 6.12.23" @@ -12338,7 +12338,7 @@ CVE_STATUS[CVE-2025-22091] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22092] = "fixed-version: only affects 6.13 onwards" -CVE_STATUS[CVE-2025-22093] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-22093] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-22094] = "fixed-version: only affects 6.13 onwards" @@ -12392,7 +12392,7 @@ CVE_STATUS[CVE-2025-22118] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2025-22120] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26" # CVE-2025-22121 needs backporting (fixed from 6.15rc1) @@ -12506,7 +12506,7 @@ CVE_STATUS[CVE-2025-37750] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2025-37752] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-37752] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards" @@ -12522,7 +12522,7 @@ CVE_STATUS[CVE-2025-37758] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37759] = "cpe-stable-backport: Backported in 6.12.24" -CVE_STATUS[CVE-2025-37760] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-37760] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37761] = "cpe-stable-backport: Backported in 6.12.25" @@ -12570,7 +12570,7 @@ CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2025-37784] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37785] = "cpe-stable-backport: Backported in 6.12.23" @@ -12620,15 +12620,15 @@ CVE_STATUS[CVE-2025-37809] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37810] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37811] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-37811] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37812] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37813] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-37813] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37814] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-37814] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37815] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-37815] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37816] = "cpe-stable-backport: Backported in 6.12.26" @@ -12686,7 +12686,7 @@ CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37844] = "cpe-stable-backport: Backported in 6.12.24" -CVE_STATUS[CVE-2025-37845] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-37845] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37846] = "cpe-stable-backport: Backported in 6.12.24" @@ -12732,13 +12732,13 @@ CVE_STATUS[CVE-2025-37866] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37867] = "cpe-stable-backport: Backported in 6.12.25" -CVE_STATUS[CVE-2025-37868] = "fixed-version: only affects 6.14 onwards" +CVE_STATUS[CVE-2025-37868] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37869] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37870] = "cpe-stable-backport: Backported in 6.12.25" -CVE_STATUS[CVE-2025-37871] = "fixed-version: only affects 6.15rc1 onwards" +CVE_STATUS[CVE-2025-37871] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37872] = "cpe-stable-backport: Backported in 6.12.25" @@ -12786,7 +12786,7 @@ CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23" # CVE-2025-37894 needs backporting (fixed from 6.12.28) -CVE_STATUS[CVE-2025-37895] = "fixed-version: only affects 6.13 onwards" +# CVE-2025-37895 needs backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" @@ -12854,7 +12854,7 @@ CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards" # CVE-2025-37928 needs backporting (fixed from 6.12.28) -CVE_STATUS[CVE-2025-37929] = "fixed-version: only affects 6.15rc1 onwards" +# CVE-2025-37929 needs backporting (fixed from 6.12.28) # CVE-2025-37930 needs backporting (fixed from 6.12.28) @@ -12902,7 +12902,7 @@ CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards" # CVE-2025-37952 needs backporting (fixed from 6.12.29) -CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards" +# CVE-2025-37953 needs backporting (fixed from 6.12.29) # CVE-2025-37954 needs backporting (fixed from 6.12.29) @@ -12920,13 +12920,13 @@ CVE_STATUS[CVE-2025-37953] = "fixed-version: only affects 6.15rc2 onwards" # CVE-2025-37961 needs backporting (fixed from 6.12.29) -CVE_STATUS[CVE-2025-37962] = "fixed-version: only affects 6.15rc1 onwards" +# CVE-2025-37962 needs backporting (fixed from 6.12.29) # CVE-2025-37963 needs backporting (fixed from 6.12.29) -CVE_STATUS[CVE-2025-37964] = "fixed-version: only affects 6.14 onwards" +# CVE-2025-37964 needs backporting (fixed from 6.12.29) -CVE_STATUS[CVE-2025-37965] = "fixed-version: only affects 6.15rc2 onwards" +# CVE-2025-37965 needs backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" @@ -12944,7 +12944,7 @@ CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" # CVE-2025-37973 needs backporting (fixed from 6.12.29) -CVE_STATUS[CVE-2025-37974] = "fixed-version: only affects 6.13 onwards" +# CVE-2025-37974 needs backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25" @@ -12998,7 +12998,7 @@ CVE_STATUS[CVE-2025-39688] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-39728] = "cpe-stable-backport: Backported in 6.12.23" -CVE_STATUS[CVE-2025-39735] = "fixed-version: only affects 6.13 onwards" +CVE_STATUS[CVE-2025-39735] = "cpe-stable-backport: Backported in 6.12.23" CVE_STATUS[CVE-2025-39755] = "fixed-version: only affects 6.13 onwards" diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index 302ec8ebc9..ea59c15a01 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -42,9 +42,11 @@ def get_fixed_versions(cve_info, base_version): if affected["defaultStatus"] == "affected": for version in affected["versions"]: v = Version(version["version"]) - if v == 0: + if v == Version('0'): #Skiping non-affected continue + if version["status"] == "unaffected" and first_affected and v < first_affected: + first_affected = Version(f"{v.major}.{v.minor}") if version["status"] == "affected" and not first_affected: first_affected = v elif (version["status"] == "unaffected" and From patchwork Wed Jul 2 03:11:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66072 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01954C8303D for ; Wed, 2 Jul 2025 03:12:51 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.15056.1751425965309753347 for ; Tue, 01 Jul 2025 20:12:45 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=UYQ4nsUx; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-748d982e92cso4840843b3a.1 for ; Tue, 01 Jul 2025 20:12:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425964; x=1752030764; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OwEHE32GgPrYqcSW4K54ajIq9AVtEB9Y6OhPbyCrVXw=; b=UYQ4nsUx/fT4DoN9Nq7VR4YSZ7y+2Dd917ZjgFmG81wI/n3LhRG2s/7C2ys+Xazuom tX1XQ51aO5eVllEAXKKM6jjAFhseYMO2x7NIk4fErzrkpIvGrYlCCN6Fhintu5HDyr4k T01U6UDpd6Cq2C+fkGUF+SytwgOmuYlnTxfelNT3poqpXk87BUk1TM568A8Tn+vBLn+r GbeXWAPNgtgv8NyfSF4dHCPN3sqxI3x7wbmKvBQFCYXVod5E2TFGIgQysyl439Xlu6Qv qoc80vSz0pGeuYN8cCmUgv+MaetP3s6AhhHZJQsDR4HORScuEnz8tBVbbka3qrsctqNx ytPQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425964; x=1752030764; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OwEHE32GgPrYqcSW4K54ajIq9AVtEB9Y6OhPbyCrVXw=; b=WV48ynQTxzgvK9AArEZZABUTdUnoipqMfhudKAoRU5InSX7lPysytytVcB0Hn11Myl jR8igXNjlL02mk6I0ib0nviieozXyUwGdnDCZdpY4AeZkiXPaGVUYqqAZH0NoAto+33O Lr60iHTfITTNmjwTsNhr/KiQC7Xy2A5cYcmZ42tSLoaWNUC+7/mEjaXUWrunIcJgx2tE MIB2YUyw47qlLWaCJMJPDuUIgKBBevZ25kLxX4Qj8EPDkNql8lLReZk0BnZ89m2ewcf/ K66IHV0nyk/guLlU4p0OGouxbpty/XpVlivyC7PEDh3qqOb+OeHt+oRJOJmGHLgcdJhd zHGw== X-Gm-Message-State: AOJu0YwFIMio6G3sHLgpsoax76UVVDXuYhTPb8B1leqUii1cyh6XAlKr l0R/pRal6RAL+itlqPJUpoE6myzKY138iuLsLYpQUvNylidxY9qQ620uPxwWml88XsTNh2Ti70S mxKQP X-Gm-Gg: ASbGnctlZMbMBXZu9euo/pk/3Qml9eb6QNpImUUI3EjMp+g5qrXbC5XqVblSbM52Z5U /NlT9dSX5XXcuGBdnfC4tffceVHrO6CTOPUpVK0l6X6GDsk2jADMVmIn3g1ikJbNGiVjrZgAbPo XuH/gGWNqFlXkTG9xkFdBNKUlxePPaWeO5oZVAHoWdjs0ukCepXEbdUDOZfrrfreHpbLtLb7yT3 NoJvKSX63X5smINQzqvk1tIPyOkXZoYTMhp51TOgtPcguBMAkPqgD0eL/MOAe/2f6T7/F1o37bO JhxyFKWHnBfXND+qg7pGc4zzyEt3ExQJ/LUtdZZ7KLuZQ9UP87+FGA== X-Google-Smtp-Source: AGHT+IHxHe6Tv6zZf7FDxx3/ApAWFeP8BimIRObKPbO+L1bb8TuoRL5HYX5JH5xjTL9vgvSD21VzcA== X-Received: by 2002:a05:6a00:ccd:b0:748:2e7b:3308 with SMTP id d2e1a72fcca58-74b50e8d9famr1693714b3a.6.1751425964286; Tue, 01 Jul 2025 20:12:44 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:43 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 13/19] linux: cve-exclusions: Amend terminology Date: Tue, 1 Jul 2025 20:11:58 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219767 From: Niko Mauno Replace the term 'needs backporting' with 'may need backporting' in generate-cve-exclusions.py when the checked kernel version may or may not be in the vulnerable version range, thus making backporting necessary only in the former case. In tandem we regenerate the content of cve-exclusion_6.12.inc using https://github.com/CVEProject/cvelistV5.git repository main branch at git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content in sync with the script. Signed-off-by: Niko Mauno Signed-off-by: Richard Purdie (cherry picked from commit feb80e6be16f27611a018d0ef7841cbb466c47d1) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 142 +++++++++--------- .../linux/generate-cve-exclusions.py | 2 +- 2 files changed, 72 insertions(+), 72 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index c03ad19a3d..120b1b5ef7 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,6 +1,6 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-24 12:02:58.590640+00:00 for version 6.12.27 +# Generated at 2025-05-24 12:18:11.126849+00:00 for version 6.12.27 python check_kernel_cve_status_version() { this_version = "6.12.27" @@ -12356,7 +12356,7 @@ CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards" # CVE-2025-22101 needs backporting (fixed from 6.15rc1) -# CVE-2025-22102 needs backporting (fixed from 6.12.30) +# CVE-2025-22102 may need backporting (fixed from 6.12.30) # CVE-2025-22103 needs backporting (fixed from 6.15rc1) @@ -12640,7 +12640,7 @@ CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37821 needs backporting (fixed from 6.12.29) +# CVE-2025-37821 may need backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26" @@ -12776,99 +12776,99 @@ CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20" -# CVE-2025-37890 needs backporting (fixed from 6.12.28) +# CVE-2025-37890 may need backporting (fixed from 6.12.28) -# CVE-2025-37891 needs backporting (fixed from 6.12.28) +# CVE-2025-37891 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-37894 needs backporting (fixed from 6.12.28) +# CVE-2025-37894 may need backporting (fixed from 6.12.28) -# CVE-2025-37895 needs backporting (fixed from 6.12.28) +# CVE-2025-37895 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-37897 needs backporting (fixed from 6.12.28) +# CVE-2025-37897 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37899 needs backporting (fixed from 6.12.28) +# CVE-2025-37899 may need backporting (fixed from 6.12.28) -# CVE-2025-37900 needs backporting (fixed from 6.12.28) +# CVE-2025-37900 may need backporting (fixed from 6.12.28) -# CVE-2025-37901 needs backporting (fixed from 6.12.28) +# CVE-2025-37901 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards" -# CVE-2025-37903 needs backporting (fixed from 6.12.28) +# CVE-2025-37903 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37905 needs backporting (fixed from 6.12.28) +# CVE-2025-37905 may need backporting (fixed from 6.12.28) # CVE-2025-37906 needs backporting (fixed from 6.15rc4) -# CVE-2025-37907 needs backporting (fixed from 6.12.28) +# CVE-2025-37907 may need backporting (fixed from 6.12.28) -# CVE-2025-37908 needs backporting (fixed from 6.12.28) +# CVE-2025-37908 may need backporting (fixed from 6.12.28) -# CVE-2025-37909 needs backporting (fixed from 6.12.28) +# CVE-2025-37909 may need backporting (fixed from 6.12.28) -# CVE-2025-37910 needs backporting (fixed from 6.12.28) +# CVE-2025-37910 may need backporting (fixed from 6.12.28) -# CVE-2025-37911 needs backporting (fixed from 6.12.28) +# CVE-2025-37911 may need backporting (fixed from 6.12.28) -# CVE-2025-37912 needs backporting (fixed from 6.12.28) +# CVE-2025-37912 may need backporting (fixed from 6.12.28) -# CVE-2025-37913 needs backporting (fixed from 6.12.28) +# CVE-2025-37913 may need backporting (fixed from 6.12.28) -# CVE-2025-37914 needs backporting (fixed from 6.12.28) +# CVE-2025-37914 may need backporting (fixed from 6.12.28) -# CVE-2025-37915 needs backporting (fixed from 6.12.28) +# CVE-2025-37915 may need backporting (fixed from 6.12.28) -# CVE-2025-37916 needs backporting (fixed from 6.12.28) +# CVE-2025-37916 may need backporting (fixed from 6.12.28) -# CVE-2025-37917 needs backporting (fixed from 6.12.28) +# CVE-2025-37917 may need backporting (fixed from 6.12.28) -# CVE-2025-37918 needs backporting (fixed from 6.12.28) +# CVE-2025-37918 may need backporting (fixed from 6.12.28) -# CVE-2025-37919 needs backporting (fixed from 6.12.28) +# CVE-2025-37919 may need backporting (fixed from 6.12.28) -# CVE-2025-37920 needs backporting (fixed from 6.12.28) +# CVE-2025-37920 may need backporting (fixed from 6.12.28) -# CVE-2025-37921 needs backporting (fixed from 6.12.28) +# CVE-2025-37921 may need backporting (fixed from 6.12.28) -# CVE-2025-37922 needs backporting (fixed from 6.12.28) +# CVE-2025-37922 may need backporting (fixed from 6.12.28) -# CVE-2025-37923 needs backporting (fixed from 6.12.28) +# CVE-2025-37923 may need backporting (fixed from 6.12.28) -# CVE-2025-37924 needs backporting (fixed from 6.12.28) +# CVE-2025-37924 may need backporting (fixed from 6.12.28) # CVE-2025-37925 needs backporting (fixed from 6.15rc1) -# CVE-2025-37926 needs backporting (fixed from 6.12.28) +# CVE-2025-37926 may need backporting (fixed from 6.12.28) -# CVE-2025-37927 needs backporting (fixed from 6.12.28) +# CVE-2025-37927 may need backporting (fixed from 6.12.28) -# CVE-2025-37928 needs backporting (fixed from 6.12.28) +# CVE-2025-37928 may need backporting (fixed from 6.12.28) -# CVE-2025-37929 needs backporting (fixed from 6.12.28) +# CVE-2025-37929 may need backporting (fixed from 6.12.28) -# CVE-2025-37930 needs backporting (fixed from 6.12.28) +# CVE-2025-37930 may need backporting (fixed from 6.12.28) -# CVE-2025-37931 needs backporting (fixed from 6.12.28) +# CVE-2025-37931 may need backporting (fixed from 6.12.28) -# CVE-2025-37932 needs backporting (fixed from 6.12.28) +# CVE-2025-37932 may need backporting (fixed from 6.12.28) -# CVE-2025-37933 needs backporting (fixed from 6.12.28) +# CVE-2025-37933 may need backporting (fixed from 6.12.28) -# CVE-2025-37934 needs backporting (fixed from 6.12.28) +# CVE-2025-37934 may need backporting (fixed from 6.12.28) -# CVE-2025-37935 needs backporting (fixed from 6.12.28) +# CVE-2025-37935 may need backporting (fixed from 6.12.28) -# CVE-2025-37936 needs backporting (fixed from 6.12.28) +# CVE-2025-37936 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23" @@ -12888,63 +12888,63 @@ CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37946 needs backporting (fixed from 6.12.29) +# CVE-2025-37946 may need backporting (fixed from 6.12.29) -# CVE-2025-37947 needs backporting (fixed from 6.12.29) +# CVE-2025-37947 may need backporting (fixed from 6.12.29) -# CVE-2025-37948 needs backporting (fixed from 6.12.29) +# CVE-2025-37948 may need backporting (fixed from 6.12.29) -# CVE-2025-37949 needs backporting (fixed from 6.12.29) +# CVE-2025-37949 may need backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-37951 needs backporting (fixed from 6.12.29) +# CVE-2025-37951 may need backporting (fixed from 6.12.29) -# CVE-2025-37952 needs backporting (fixed from 6.12.29) +# CVE-2025-37952 may need backporting (fixed from 6.12.29) -# CVE-2025-37953 needs backporting (fixed from 6.12.29) +# CVE-2025-37953 may need backporting (fixed from 6.12.29) -# CVE-2025-37954 needs backporting (fixed from 6.12.29) +# CVE-2025-37954 may need backporting (fixed from 6.12.29) -# CVE-2025-37955 needs backporting (fixed from 6.12.29) +# CVE-2025-37955 may need backporting (fixed from 6.12.29) -# CVE-2025-37956 needs backporting (fixed from 6.12.29) +# CVE-2025-37956 may need backporting (fixed from 6.12.29) -# CVE-2025-37957 needs backporting (fixed from 6.12.29) +# CVE-2025-37957 may need backporting (fixed from 6.12.29) -# CVE-2025-37958 needs backporting (fixed from 6.12.29) +# CVE-2025-37958 may need backporting (fixed from 6.12.29) -# CVE-2025-37959 needs backporting (fixed from 6.12.29) +# CVE-2025-37959 may need backporting (fixed from 6.12.29) -# CVE-2025-37960 needs backporting (fixed from 6.12.29) +# CVE-2025-37960 may need backporting (fixed from 6.12.29) -# CVE-2025-37961 needs backporting (fixed from 6.12.29) +# CVE-2025-37961 may need backporting (fixed from 6.12.29) -# CVE-2025-37962 needs backporting (fixed from 6.12.29) +# CVE-2025-37962 may need backporting (fixed from 6.12.29) -# CVE-2025-37963 needs backporting (fixed from 6.12.29) +# CVE-2025-37963 may need backporting (fixed from 6.12.29) -# CVE-2025-37964 needs backporting (fixed from 6.12.29) +# CVE-2025-37964 may need backporting (fixed from 6.12.29) -# CVE-2025-37965 needs backporting (fixed from 6.12.29) +# CVE-2025-37965 may need backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37967 needs backporting (fixed from 6.12.30) +# CVE-2025-37967 may need backporting (fixed from 6.12.30) -# CVE-2025-37968 needs backporting (fixed from 6.12.30) +# CVE-2025-37968 may need backporting (fixed from 6.12.30) -# CVE-2025-37969 needs backporting (fixed from 6.12.29) +# CVE-2025-37969 may need backporting (fixed from 6.12.29) -# CVE-2025-37970 needs backporting (fixed from 6.12.29) +# CVE-2025-37970 may need backporting (fixed from 6.12.29) -# CVE-2025-37971 needs backporting (fixed from 6.12.29) +# CVE-2025-37971 may need backporting (fixed from 6.12.29) -# CVE-2025-37972 needs backporting (fixed from 6.12.29) +# CVE-2025-37972 may need backporting (fixed from 6.12.29) -# CVE-2025-37973 needs backporting (fixed from 6.12.29) +# CVE-2025-37973 may need backporting (fixed from 6.12.29) -# CVE-2025-37974 needs backporting (fixed from 6.12.29) +# CVE-2025-37974 may need backporting (fixed from 6.12.29) CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25" @@ -12976,9 +12976,9 @@ CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37990 needs backporting (fixed from 6.12.28) +# CVE-2025-37990 may need backporting (fixed from 6.12.28) -# CVE-2025-37991 needs backporting (fixed from 6.12.28) +# CVE-2025-37991 may need backporting (fixed from 6.12.28) CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23" diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index ea59c15a01..b45c2d5702 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -141,7 +141,7 @@ do_cve_check[prefuncs] += "check_kernel_cve_status_version" f'CVE_STATUS[{cve}] = "cpe-stable-backport: Backported in {backport_ver}"' ) else: - print(f"# {cve} needs backporting (fixed from {backport_ver})") + print(f"# {cve} may need backporting (fixed from {backport_ver})") else: print(f"# {cve} needs backporting (fixed from {fixed})") From patchwork Wed Jul 2 03:11:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66073 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0642AC83F05 for ; Wed, 2 Jul 2025 03:12:51 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web11.15031.1751425967085259478 for ; Tue, 01 Jul 2025 20:12:47 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2ntDZgQk; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-748fe69a7baso6126956b3a.3 for ; Tue, 01 Jul 2025 20:12:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425966; x=1752030766; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Cx8qY2VpegGA4rAAECFVuNCqseH43iXQrACSjRYxtaM=; b=2ntDZgQk1p1b5ZahllaRQ5FDVuWzc5hJYUhvHjKVdmv/V5gBnjgtbs4RF73fmlL5lI 5B3UWhhPp2SSuHv/uQXwZ/4VRcaOGHTKVgG2jmZ50lracFMZHdnQL3NxepBLhVdKGwkL Tap7kj1Y+bR21Gpd/qdZOZleD++HZImPBfe1a/Ew2/w58mzjFlvHw46WGtyS4BkGpKPr MPZYOHpNGi1clQhJo9DDYUUMvUZVDI/0lD5u0Gkln0SsE2n9OP/oehFbCF60feDpIt89 vw4TIFfGcQ83ULNgNf/7kOEyvWFV7fEXeXj6xUL4M4xf3c/WMMtoClJwfi8Biu2++Jcf xb4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425966; x=1752030766; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Cx8qY2VpegGA4rAAECFVuNCqseH43iXQrACSjRYxtaM=; b=H+K5ell36QbTBv8D1j4w8s5P+68GdUMzZii6Fu4qz1ELzj2rs9Nx9u/7IEYVjTk3z/ 4gNHQWD0L9tSIy6MJ3xc61Qgs5QkRZFS/MUes4n160ZuYngVSPOvuvPRAaemuChyESg5 wMQCYIkHfAngSLS9OdNw/F5ZZk6L5vG4L8RydaD/g21XhyM3vrkJkDc1LpzyXfz1Cxk9 bDubUhPjF2FAl5FjF7/dTAZa5b449i+hB1O+gOVL7qW6AkgqnDxZMcNTGfdLLyHtZ8yD 9/q9TA4Kq8fXBSIb2VSoV3lkHqNn0Tb6OdoFZdyZMHohTHssQDrlgfLiaCWo8J8uA0Ra kDCA== X-Gm-Message-State: AOJu0YxP07KO6+jfoJ7bufA9fABNIbXBLCRw0fbVdZ8kJk8kKM3466C3 kbGp1X10QmaKESlTyD7+kTS/VNd0dllOlvhVRxfK0QNmuQzwOnsBGn7ewHRubLG08wxC3xrb89M EvYnK X-Gm-Gg: ASbGnct9Q08RqXErlL//8NR4pLEw0Uqs3TW4TC9rFkPbtW59pa6QvGKRjxO6ubXINsR YniBKeig2+uNsupMnMMoZH/sNHeOhQtBKotDIPY8JPc5pmpWhNiuH93yISLsdAtDDL6gB4z4kSA HEZM/3VzVQTaH+pFe/Q2JDFSwTCXAfpZlPOcy4An2sTqoQSBNfnCbNRpUuyk4G2hyurjZ5+HFDO ASgLVFBoYoQ7ofAEERJ2FMvdfjbJW2BHfmM7gin0B1N17+7YKeKmSgCYcu6wqYrieCSflX3CO4V 5M84LguZGvoBq0tzCY5DCAEgxZkg0lC+GfPqCTUz69J+RjsFulap7g== X-Google-Smtp-Source: AGHT+IG1D3T1VuRLIwulQIHvY2fZGWaYed/oZvnE1hK676+YZ/jyyG1kdCoBEdsPjdY7PXMZg+OVAA== X-Received: by 2002:a05:6a00:218f:b0:746:26fe:8cdf with SMTP id d2e1a72fcca58-74b50e8eb48mr1787072b3a.7.1751425966354; Tue, 01 Jul 2025 20:12:46 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:46 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 14/19] linux/generate-cve-exclusions: show the name and version of the data source Date: Tue, 1 Jul 2025 20:11:59 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219768 From: Ross Burton Add another comment to state what the data source for the CVE data was, specifically the basename of the repository and the "git describe" output of HEAD. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 5e66e2b79faec2285d249b16457ecc63c4042444) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/generate-cve-exclusions.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py index b45c2d5702..dfc16663a5 100755 --- a/meta/recipes-kernel/linux/generate-cve-exclusions.py +++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py @@ -11,6 +11,7 @@ import json import pathlib import os import glob +import subprocess from packaging.version import Version @@ -92,13 +93,16 @@ def main(argp=None): parser.add_argument("version", type=Version, help="Kernel version number to generate data for, such as 6.1.38") args = parser.parse_args(argp) - datadir = args.datadir + datadir = args.datadir.resolve() version = args.version base_version = Version(f"{version.major}.{version.minor}") + data_version = subprocess.check_output(("git", "describe", "--tags", "HEAD"), cwd=datadir, text=True) + print(f""" # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at {datetime.datetime.now(datetime.timezone.utc)} for version {version} +# Generated at {datetime.datetime.now(datetime.timezone.utc)} for kernel version {version} +# From {datadir.name} {data_version} python check_kernel_cve_status_version() {{ this_version = "{version}" From patchwork Wed Jul 2 03:12:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66076 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0D551C83F04 for ; Wed, 2 Jul 2025 03:12:51 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.15057.1751425969289410463 for ; Tue, 01 Jul 2025 20:12:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=fHfvFMuw; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-748d982e92cso4840868b3a.1 for ; Tue, 01 Jul 2025 20:12:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425968; x=1752030768; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hDSOrB4Z+QVa6aniYIqdj4XC9iz6Nse3bgAs9nmEtOI=; b=fHfvFMuw82T0kOAxYAS8oggbSbAYaAON+KCH3lfeUl2odI9mrPRbwf1sycsesH2CUi zp6rMB/RtMoe0c5zWchnFbd5LVXnJY4xXl+FjaHNKnexCK182gLuPvkiay903dPxaks2 f1z5CEo6NX0MA685hE94qSh5bcVxQcVmdTsZ/CcxTIl8ytP0cpZqKjhNbOClbYeoITRn 9+0hX/+i2AYUHbNKCMVlrH3Rqrjn7GPCoHbKGu8a3STowe2enIpKkD/APhbyl6JeW37W TOFRrXC8ND4J9XQ88xXri0HwDxV9mCoacEapnTXSgk5Ae7h5WMTSxCe/HAhc8u23N7gD lQEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425968; x=1752030768; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hDSOrB4Z+QVa6aniYIqdj4XC9iz6Nse3bgAs9nmEtOI=; b=RJyIEieTKjXbVUC6pSQ75MIznupdK83zENKXw9DAtohMPdhEPWnQW2vhfuN/WNrIoS GktbY36C1iIb1FyBNe6W51/FvE/EmTJOlpkdRV1NJ9HEADC8w4YAvJOeeuJDmif7U4ZD +X8+PBu7DTrH5JX3TJZhItqy4d4w2U95bGcJpTM0G9/lZEkhrl5KuUAfEyU0EpIlZ2on VT4gWcqV34/ewDLVTS+K3Zshz8el3feCXftROMNbcbCEttyqEmAL8UCSQ5COC4vy9dkP j1ji60+FmCO/31l5t7EyDP85TqmrnKQGuoGoOfOrBXLF7LyfHzSkQ1hVyyT7Z4TgC/aJ w4Bg== X-Gm-Message-State: AOJu0Yw29DWg1TKWNdBJjLLIbPGccw6JBR6aHdwq4dKcHYY8oFaeC7XX Po/YT20biMrF1kmNdIt1SQq5n79weBEwP7fj/Riq+UBojgDrywoVdIV8iCaA+rUHjGa5z5FWnO5 WlN6E X-Gm-Gg: ASbGncvYGzVC/ZbQEMaGt+l4rwjjqqK4gTq9dxvFtleyIFcSNKLBr0xnsBe78SoN3yT olfOWfG3DZRFltIQqbNupJUY3T0E1AtiTwvwVnwv8ZoNO9PUpbhH025GO6pQzmZygZmKR/2g6tz cHSY4pF4jMpMP6AGNprQIkHnZU+G7QHoV1rS0BHwk8F+6kp0ekNeVjvwk2qwZwCcGIpY6BO5Ke6 C9AvyLi1y/6XCAQ7U7Sd8DG12ck4N7eXfCdumT0c7/0rrdc9uS94fnz+l+3Mf6QCl5+L0nosdOS QuH3jrcny96q0nkZdbHfFTzWFAjBJiL13yRClemu7XAZh7aXQTHdIQ== X-Google-Smtp-Source: AGHT+IG0p3Kv+PRt/gpPL9WpUbaCmmznu80RYRJHXe3kQfN0FLelzdNwKtnLoGsh9ljYnWVLa3mARg== X-Received: by 2002:a05:6a20:748f:b0:1f5:619a:7f4c with SMTP id adf61e73a8af0-222d7f06890mr2509461637.29.1751425968239; Tue, 01 Jul 2025 20:12:48 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:47 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 15/19] linux-yocto: refresh CVE exclusions Date: Tue, 1 Jul 2025 20:12:00 -0700 Message-ID: <6507be4fd7e1738b15509cbd42267548ba4a42a5.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219769 From: Ross Burton As we upgraded the kernel, the exclusions need to be updated too. This marks many CVEs as resolved. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit e99d1e7116aef8c5458cd51c0b97b8e275ade3a9) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 246 +++++++++--------- 1 file changed, 122 insertions(+), 124 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index 120b1b5ef7..d33880eae0 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,9 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-24 12:18:11.126849+00:00 for version 6.12.27 +# Generated at 2025-05-29 10:54:43.823437+00:00 for kernel version 6.12.30 +# From cvelistV5 cve_2025-05-29_1000Z-1-g4f2590b715f + python check_kernel_cve_status_version() { - this_version = "6.12.27" + this_version = "6.12.30" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -6894,8 +6896,6 @@ CVE_STATUS[CVE-2024-36905] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-36906] = "fixed-version: Fixed from version 6.9" -# CVE-2024-36907 has no known resolution - CVE_STATUS[CVE-2024-36908] = "fixed-version: Fixed from version 6.9" CVE_STATUS[CVE-2024-36909] = "fixed-version: Fixed from version 6.9" @@ -11412,15 +11412,15 @@ CVE_STATUS[CVE-2024-58090] = "cpe-stable-backport: Backported in 6.12.18" CVE_STATUS[CVE-2024-58092] = "cpe-stable-backport: Backported in 6.12.22" -# CVE-2024-58093 needs backporting (fixed from 6.15rc1) +# CVE-2024-58093 needs backporting (fixed from 6.15) -# CVE-2024-58094 needs backporting (fixed from 6.15rc1) +# CVE-2024-58094 needs backporting (fixed from 6.15) -# CVE-2024-58095 needs backporting (fixed from 6.15rc1) +# CVE-2024-58095 needs backporting (fixed from 6.15) -# CVE-2024-58096 needs backporting (fixed from 6.15rc1) +# CVE-2024-58096 needs backporting (fixed from 6.15) -# CVE-2024-58097 needs backporting (fixed from 6.15rc1) +# CVE-2024-58097 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2024-58098] = "cpe-stable-backport: Backported in 6.12.25" @@ -12354,39 +12354,39 @@ CVE_STATUS[CVE-2025-22099] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-22101 needs backporting (fixed from 6.15rc1) +# CVE-2025-22101 needs backporting (fixed from 6.15) -# CVE-2025-22102 may need backporting (fixed from 6.12.30) +CVE_STATUS[CVE-2025-22102] = "cpe-stable-backport: Backported in 6.12.30" -# CVE-2025-22103 needs backporting (fixed from 6.15rc1) +# CVE-2025-22103 needs backporting (fixed from 6.15) -# CVE-2025-22104 needs backporting (fixed from 6.15rc1) +# CVE-2025-22104 needs backporting (fixed from 6.15) -# CVE-2025-22105 needs backporting (fixed from 6.15rc1) +# CVE-2025-22105 needs backporting (fixed from 6.15) -# CVE-2025-22106 needs backporting (fixed from 6.15rc1) +# CVE-2025-22106 needs backporting (fixed from 6.15) -# CVE-2025-22107 needs backporting (fixed from 6.15rc1) +# CVE-2025-22107 needs backporting (fixed from 6.15) -# CVE-2025-22108 needs backporting (fixed from 6.15rc1) +# CVE-2025-22108 needs backporting (fixed from 6.15) -# CVE-2025-22109 needs backporting (fixed from 6.15rc1) +# CVE-2025-22109 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-22110] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-22111 needs backporting (fixed from 6.15rc1) +# CVE-2025-22111 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-22112] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-22113 needs backporting (fixed from 6.15rc1) +# CVE-2025-22113 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-22114] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-22115 needs backporting (fixed from 6.15rc1) +# CVE-2025-22115 needs backporting (fixed from 6.15) -# CVE-2025-22116 needs backporting (fixed from 6.15rc1) +# CVE-2025-22116 needs backporting (fixed from 6.15) -# CVE-2025-22117 needs backporting (fixed from 6.15rc1) +# CVE-2025-22117 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-22118] = "fixed-version: only affects 6.13 onwards" @@ -12394,39 +12394,39 @@ CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-22121 needs backporting (fixed from 6.15rc1) +# CVE-2025-22121 needs backporting (fixed from 6.15) -# CVE-2025-22122 needs backporting (fixed from 6.15rc1) +# CVE-2025-22122 needs backporting (fixed from 6.15) -# CVE-2025-22123 needs backporting (fixed from 6.15rc1) +# CVE-2025-22123 needs backporting (fixed from 6.15) -# CVE-2025-22124 needs backporting (fixed from 6.15rc1) +# CVE-2025-22124 needs backporting (fixed from 6.15) -# CVE-2025-22125 needs backporting (fixed from 6.15rc1) +# CVE-2025-22125 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.12.25" -# CVE-2025-22127 needs backporting (fixed from 6.15rc1) +# CVE-2025-22127 needs backporting (fixed from 6.15) -# CVE-2025-22128 needs backporting (fixed from 6.15rc1) +# CVE-2025-22128 needs backporting (fixed from 6.15) -# CVE-2025-23129 needs backporting (fixed from 6.15rc1) +# CVE-2025-23129 needs backporting (fixed from 6.15) -# CVE-2025-23130 needs backporting (fixed from 6.15rc1) +# CVE-2025-23130 needs backporting (fixed from 6.15) -# CVE-2025-23131 needs backporting (fixed from 6.15rc1) +# CVE-2025-23131 needs backporting (fixed from 6.15) -# CVE-2025-23132 needs backporting (fixed from 6.15rc1) +# CVE-2025-23132 needs backporting (fixed from 6.15) -# CVE-2025-23133 needs backporting (fixed from 6.15rc1) +# CVE-2025-23133 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-23134] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-23135 needs backporting (fixed from 6.15rc1) +# CVE-2025-23135 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-23136] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-23137 needs backporting (fixed from 6.15rc1) +# CVE-2025-23137 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-23138] = "cpe-stable-backport: Backported in 6.12.23" @@ -12460,7 +12460,7 @@ CVE_STATUS[CVE-2025-23153] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-23154] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-23155 needs backporting (fixed from 6.15rc1) +# CVE-2025-23155 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-23156] = "cpe-stable-backport: Backported in 6.12.24" @@ -12488,13 +12488,13 @@ CVE_STATUS[CVE-2025-37741] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37742] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37743 needs backporting (fixed from 6.15rc1) +# CVE-2025-37743 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37744] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37745] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37746 needs backporting (fixed from 6.15rc1) +# CVE-2025-37746 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37747] = "cpe-stable-backport: Backported in 6.12.24" @@ -12508,8 +12508,6 @@ CVE_STATUS[CVE-2025-37751] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37752] = "cpe-stable-backport: Backported in 6.12.24" -CVE_STATUS[CVE-2025-37753] = "fixed-version: only affects 6.15rc1 onwards" - CVE_STATUS[CVE-2025-37754] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37755] = "cpe-stable-backport: Backported in 6.12.24" @@ -12606,7 +12604,7 @@ CVE_STATUS[CVE-2025-37801] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37802] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37803 needs backporting (fixed from 6.15rc2) +# CVE-2025-37803 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37805] = "cpe-stable-backport: Backported in 6.12.26" @@ -12640,7 +12638,7 @@ CVE_STATUS[CVE-2025-37819] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37820] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37821 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37821] = "cpe-stable-backport: Backported in 6.12.29" CVE_STATUS[CVE-2025-37822] = "cpe-stable-backport: Backported in 6.12.26" @@ -12680,7 +12678,7 @@ CVE_STATUS[CVE-2025-37840] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37841] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37842 needs backporting (fixed from 6.15rc1) +# CVE-2025-37842 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24" @@ -12706,7 +12704,7 @@ CVE_STATUS[CVE-2025-37853] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37854] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37855 needs backporting (fixed from 6.15rc1) +# CVE-2025-37855 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37856] = "cpe-stable-backport: Backported in 6.12.24" @@ -12716,7 +12714,7 @@ CVE_STATUS[CVE-2025-37858] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37859] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37860 needs backporting (fixed from 6.15rc1) +# CVE-2025-37860 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37861] = "cpe-stable-backport: Backported in 6.12.24" @@ -12756,7 +12754,7 @@ CVE_STATUS[CVE-2025-37878] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37879] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37880 needs backporting (fixed from 6.15rc1) +# CVE-2025-37880 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37881] = "cpe-stable-backport: Backported in 6.12.26" @@ -12776,99 +12774,97 @@ CVE_STATUS[CVE-2025-37888] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37889] = "cpe-stable-backport: Backported in 6.12.20" -# CVE-2025-37890 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37890] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37891 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37891] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37892] = "cpe-stable-backport: Backported in 6.12.24" CVE_STATUS[CVE-2025-37893] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-37894 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37894] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37895 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37895] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37896] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-37897 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37897] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37898] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37899 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37899] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37900 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37900] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37901 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37901] = "cpe-stable-backport: Backported in 6.12.28" -CVE_STATUS[CVE-2025-37902] = "fixed-version: only affects 6.15rc5 onwards" - -# CVE-2025-37903 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37903] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37904] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37905 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37905] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37906 needs backporting (fixed from 6.15rc4) +# CVE-2025-37906 needs backporting (fixed from 6.15) -# CVE-2025-37907 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37907] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37908 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37908] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37909 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37909] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37910 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37910] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37911 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37911] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37912 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37912] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37913 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37913] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37914 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37914] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37915 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37915] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37916 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37916] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37917 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37917] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37918 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37918] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37919 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37919] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37920 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37920] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37921 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37921] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37922 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37922] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37923 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37923] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37924 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37924] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37925 needs backporting (fixed from 6.15rc1) +# CVE-2025-37925 needs backporting (fixed from 6.15) -# CVE-2025-37926 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37926] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37927 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37927] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37928 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37928] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37929 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37929] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37930 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37930] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37931 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37931] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37932 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37932] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37933 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37933] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37934 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37934] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37935 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37935] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37936 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37936] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37937] = "cpe-stable-backport: Backported in 6.12.23" @@ -12888,63 +12884,63 @@ CVE_STATUS[CVE-2025-37944] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37945] = "cpe-stable-backport: Backported in 6.12.24" -# CVE-2025-37946 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37946] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37947 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37947] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37948 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37948] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37949 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37949] = "cpe-stable-backport: Backported in 6.12.29" CVE_STATUS[CVE-2025-37950] = "fixed-version: only affects 6.14 onwards" -# CVE-2025-37951 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37951] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37952 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37952] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37953 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37953] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37954 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37954] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37955 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37955] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37956 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37956] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37957 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37957] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37958 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37958] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37959 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37959] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37960 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37960] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37961 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37961] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37962 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37962] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37963 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37963] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37964 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37964] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37965 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37965] = "cpe-stable-backport: Backported in 6.12.29" CVE_STATUS[CVE-2025-37966] = "fixed-version: only affects 6.13 onwards" -# CVE-2025-37967 may need backporting (fixed from 6.12.30) +CVE_STATUS[CVE-2025-37967] = "cpe-stable-backport: Backported in 6.12.30" -# CVE-2025-37968 may need backporting (fixed from 6.12.30) +CVE_STATUS[CVE-2025-37968] = "cpe-stable-backport: Backported in 6.12.30" -# CVE-2025-37969 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37969] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37970 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37970] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37971 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37971] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37972 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37972] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37973 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37973] = "cpe-stable-backport: Backported in 6.12.29" -# CVE-2025-37974 may need backporting (fixed from 6.12.29) +CVE_STATUS[CVE-2025-37974] = "cpe-stable-backport: Backported in 6.12.29" CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25" @@ -12964,7 +12960,7 @@ CVE_STATUS[CVE-2025-37982] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37983] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37984 needs backporting (fixed from 6.15rc1) +# CVE-2025-37984 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-37985] = "cpe-stable-backport: Backported in 6.12.26" @@ -12976,13 +12972,15 @@ CVE_STATUS[CVE-2025-37988] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37989] = "cpe-stable-backport: Backported in 6.12.26" -# CVE-2025-37990 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37990] = "cpe-stable-backport: Backported in 6.12.28" + +CVE_STATUS[CVE-2025-37991] = "cpe-stable-backport: Backported in 6.12.28" -# CVE-2025-37991 may need backporting (fixed from 6.12.28) +CVE_STATUS[CVE-2025-37992] = "cpe-stable-backport: Backported in 6.12.30" CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-38104 needs backporting (fixed from 6.15rc1) +# CVE-2025-38104 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-38152] = "cpe-stable-backport: Backported in 6.12.23" @@ -13008,11 +13006,11 @@ CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-40014 needs backporting (fixed from 6.15rc1) +# CVE-2025-40014 needs backporting (fixed from 6.15) CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23" -# CVE-2025-40325 needs backporting (fixed from 6.15rc1) +# CVE-2025-40325 needs backporting (fixed from 6.15) # CVE-2025-40364 has no known resolution From patchwork Wed Jul 2 03:12:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66075 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1BA8BC83F07 for ; Wed, 2 Jul 2025 03:12:51 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.15032.1751425970690874369 for ; Tue, 01 Jul 2025 20:12:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=dVhGyaYG; spf=softfail (domain: sakoman.com, ip: 209.85.210.177, mailfrom: steve@sakoman.com) Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-74b56b1d301so24085b3a.1 for ; Tue, 01 Jul 2025 20:12:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425970; x=1752030770; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WOYsh3SyHvALQCrrssHvXPmth0IOeoM+UaafT1kBa4w=; b=dVhGyaYGpZTTQ1WdaYruaH+vJIm0k7tXqeNxPciv8mkgs7zhfzkE0UhJF3Lh8OdfBw 8qzg+CTghyV1qJwhiE1neU15CFSy6X7ONmvgHnP2/nWeJuu45mx3ROr58mdkTAFtlLSO 7a6L0SoWB6OFHZkiBcnnXFh7D3gzpHD0dkoBE5SxkBBy3O0vCO1LQ5TneIpEzh79XET1 CR7dNMQECQCbk9fU5JEbpGyPtiXELIVF5aVL3hSR90M9Cr7mnLRXjLXaAnW4jWxWKPwW z3ISpdeJV2OT6X0mEBGvA4TM8PRQpTnsN0rjGuV6M+4IQUrMTDb/NBay70G4MBb/gvyx CeVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425970; x=1752030770; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WOYsh3SyHvALQCrrssHvXPmth0IOeoM+UaafT1kBa4w=; b=N+DV7xsc02obxsKqlKCtNtdN+NCUsFLzTFeiVwS+o6gxXzwXho6X57vHwoahogm22y 67wQMqehcfOsQJmWmWeDKKhKliCWro2yNxgf3XFSHvHclfrYhYkXAsomxV5wkrHblmI4 R6yYke3fzL3WuUzx3AkV9aalSOpJyRet2Ecn/3/9IDpi80bkg4srh5ao0RIgoGBN6AHH lmGY03f+qexRIhTOyKZ0rdxLfzDSxuCyZIwZ+o3veefSAODBvEc48Mm0aqvDIKE8mf1E kqsemymO3TFYzaXAe6y0DyR0FqZRNb0VNBsNbZC6lCTSZGbedmq7mybS6UoLFQZz9upv oDBQ== X-Gm-Message-State: AOJu0YzPRptOUn81hlebRvRbcXQfh9XKnjJ3GizmoNd/6cF6UVyqXKYz rzVy8FptUJQVEm73sRKd3iopLm4iShS/93wHiEQKupenc/tNTdvlwpY8VryglkaIM85SjxF6qu3 oqa9y X-Gm-Gg: ASbGncsHam0YM75NXuQzpv2AzkFt0G54LYjoVjLYbqaxrTD9/0HzSl5OH2Oz5vFIYIg V9Vw9NUlrf4p62I5MPyDzz8pC3f62zmHnJUc00CISIjiAsyHa7xeGwQc1G/0FxFleYEjOpWDh+d d/VYd64N3FCNhCE9qjFBobJbP7/Bv/9q35ECcJHZoQ4zl1AgMKLjf1ouGEbAO+OthiuxIb0a6pV IaXxIDVGamNIItj6wgQLO5kJq0PciJRSp0F3R3eI1IrWPd39eXHQ+0/OyJx4lMEdZzX+/oUx0XY akARmBnW1CCaA44u1XCjRmUzvSMsfPqhKXCXOBqGZDEGP5IEo7BlNg== X-Google-Smtp-Source: AGHT+IGtxR21f5NkTZf5vl1s9VhQb8OqSf+Xn2nZK3ClLOyERZrQxiCJfW6GecLEIXiCEoBClnolVg== X-Received: by 2002:a05:6a00:3c92:b0:736:d297:164 with SMTP id d2e1a72fcca58-74b50db6043mr1773613b3a.1.1751425969959; Tue, 01 Jul 2025 20:12:49 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:49 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 16/19] linux-yocto/6.12: revert riscv config sync Date: Tue, 1 Jul 2025 20:12:01 -0700 Message-ID: <5f83371f9da7616f8941d9fef115934e41f93658.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:12:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219770 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/.: 1/1 [ Author: Khem Raj Email: raj.khem@gmail.com Subject: Revert "bsp/qemuriscv32: Sync config with upstream defconfig 6.12+" Date: Thu, 29 May 2025 18:53:48 -0700 These options are infact required for qemu riscv32 emulation. This reverts commit 64e08f7f69c662efe5f3780e7e42fc80635ad16f. Signed-off-by: Khem Raj Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 1baa2ede9b759632bd97f3308752ec863dc6543e) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb | 2 +- meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb | 2 +- meta/recipes-kernel/linux/linux-yocto_6.12.bb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb index 24d93645ca..2088717489 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb @@ -15,7 +15,7 @@ python () { } SRCREV_machine ?= "3d3d56a846c993611859096016322dccea1317cd" -SRCREV_meta ?= "60484dda26122958e5f4d8f813424fa637770bf6" +SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb index 042adf94d0..90a00f7cd5 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb @@ -18,7 +18,7 @@ KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" SRCREV_machine ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_meta ?= "60484dda26122958e5f4d8f813424fa637770bf6" +SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb index 089d4b4c6a..52ffb9882f 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb @@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" SRCREV_machine:qemux86-64 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" SRCREV_machine:qemumips64 ?= "98a85ed93bd5eaefe30c4aa3f7c15549be2bd032" SRCREV_machine ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_meta ?= "60484dda26122958e5f4d8f813424fa637770bf6" +SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same From patchwork Wed Jul 2 03:12:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66079 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 192F5C83F03 for ; Wed, 2 Jul 2025 03:13:01 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.15033.1751425973365604938 for ; Tue, 01 Jul 2025 20:12:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=tE7UeCWd; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-747e41d5469so4435090b3a.3 for ; Tue, 01 Jul 2025 20:12:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425972; x=1752030772; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tdYxCSHIJSsfSjBP3ZwuNAX8e8lsQ8O3H6EB3NRPXbM=; b=tE7UeCWdpUIvWTpTqcN8gBd9h6+KtuVk3lc/X0UlNqPIw0ts47J7oiZZGLlWPo3GkH 8RBpxQOaAMYoUnvx4GCq3rHHtgYvyNknl389l45qUSVzWtFlEifqlWi7E8c80YD4qlFp Y0Ow1is9W8PVJoGUOMqhXSjCGcwwpdEg4oOiwjC6d0gOg5HYNXJjl3feVLmSLX+vg3ke cg62Q9iUZNkX7R/vt7ppFftTb5PoZvEOE/hwRYZVDwRqWxXGkx3fZG4QpkjH1+cE96Dt rixpuQx0rUJxrIuZROKedc67fshZ0TDafCfhaWI0cGmYXBkHNeu5MJP2FCM6+bSSubPI F7IA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425972; x=1752030772; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tdYxCSHIJSsfSjBP3ZwuNAX8e8lsQ8O3H6EB3NRPXbM=; b=HYnvPQk6a50PZSQPZ3D1KFDem2zwL9pQI8IglSH6InQ1bFg9oGuMjSF4WgYxrhzeD9 x77qj5qRgcVoGOk/YBi1mQCyVm/QLdLRFAP8n2wWz4wrSnf7iARnDEfbz14Agj71QPPy WfoAp3W6Kbk0FOzmqy4dN8/LJSz9nUONHuvgB5Uk78uXYHexYXLBFnragUd61EfFUs/n BkulyEiASzTczww4uGYRbuDsSE+kvy+DZQomcvwPzpzk3mKF8zMWOQAqzSUNE/Lda1vj k0mqIAxJxLgzbzQb4+tk0k1hMQS6Yo8/WtxDMqYL1w5DHjXsniupSt66EJgbSbUsmMac JYdA== X-Gm-Message-State: AOJu0Ywgn1dg4Rn69oypWsk2YCYAVdtvJQ9l1G4tDlcqTFAf6VQVW8hE lzTAYaFP5zhqREeBywkZMVqtgVmlqr0Klw6d+xN7hGV4JINj28rZjpewAyLo9/iyceAo2NWlCUJ 2NEkW X-Gm-Gg: ASbGnctQ8Bx/52dZbwLrxRQ/N3Ure0ZQBHS9Dj9qgLHAeZ12mgTpa3pWht/+N8RCtqd KIFRq839JutJyBsVxRqaq9kqGXVBxVIb9pfAlJfsEWondalCuJHwd3RajUAqesCljlbZwmxe3FC 5Ykr+UxkXtosuqY3YTNG9EvGoe9DW4MxBCKBx7zkOEymPsPeG0ZkR7O7JzIDQR7dV3wPvFjw+9L zYDXwZrk582cRxPhvwLQlEU4pePrAl9YQkxF2m55Zfz9iT2OZbWHI7bh+3HZNIpAI3P7XWsCnfx idYrV2Q3rZDzDYSukaIeTeH9JKU4r6unGtjar9lTEES71Lg/89TtYg== X-Google-Smtp-Source: AGHT+IF2T3f9O9qjtqclgyS58v6QCU3GLIqz0gSoYo9VdSAYe3A0RZdRHYmeVfMMysrD0E+fiIWJEA== X-Received: by 2002:a05:6a00:189a:b0:74a:d1ac:dd48 with SMTP id d2e1a72fcca58-74b515134f0mr1652129b3a.23.1751425971789; Tue, 01 Jul 2025 20:12:51 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:51 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 17/19] linux-yocto/6.12: update to v6.12.31 Date: Tue, 1 Jul 2025 20:12:02 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:13:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219771 From: Bruce Ashfield Updating linux-yocto/6.12 to the latest korg -stable release that comprises the following commits: df3f6d10f353d Linux 6.12.31 85fb1edd059bf drm/gem: Internally test import_attach for imported objects ee2a06bbbb8a0 x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers bounce buffers ae0d63ec39053 i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() 73c4707510f27 pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() ecb9d3123bef7 watchdog: aspeed: fix 64-bit division c3e1091eb054c drm/amdkfd: Correct F8_MODE for gfx950 a8a34fbf915dd serial: sh-sci: Save and restore more registers 80eb73778deba bpf: abort verification if env->cur_state->loop_entry != NULL fdee1dc816b4c drm/amd/display: Exit idle optimizations before accessing PHY dd8a734155ae2 kbuild: Properly disable -Wunterminated-string-initialization for clang 3f856d5d84467 Fix mis-uses of 'cc-option' for warning disablement d66cf772bebd7 gcc-15: disable '-Wunterminated-string-initialization' entirely for now 9f58537e9b8f0 gcc-15: make 'unterminated string initialization' just a warning d28b0305f711e err.h: move IOMEM_ERR_PTR() to err.h 96537d8c67e5e spi: spi-fsl-dspi: Reset SR flags before sending a new message b1781bd47e6d4 spi: spi-fsl-dspi: Halt the module after a new message transfer b9fbbcf61e7c7 spi: spi-fsl-dspi: restrict register range for regmap access 1d45e0170cf00 spi: use container_of_cont() for to_spi_device() 92f077ff52f28 platform/x86: think-lmi: Fix attribute name usage for non-compliant items 5c54a557bde18 ksmbd: fix stream write failure 544ff7fb19727 Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC connection" 111a892a235d5 Bluetooth: btmtksdio: Do close if SDIO card removed without close 3e0dc2b4f678c Bluetooth: btmtksdio: Check function enabled before doing close fedd2a1443600 nilfs2: fix deadlock warnings caused by lock dependency in init_nilfs() 483ac74183e1e mm: vmalloc: only zero-init on vrealloc shrink 94efb0d656902 mm: vmalloc: actually use the in-place vrealloc region 9f9517f156866 mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled 9da33ce1142b5 mm/page_alloc.c: avoid infinite retries caused by cpuset race 314bf771cb87c memcg: always call cond_resched() after fn() 9b8263cae64a6 highmem: add folio_test_partial_kmap() cb9a1019a63fe Input: xpad - add more controllers 7c220f89add8e Revert "drm/amd: Keep display off while going into S4" b4f801e8cfcc1 smb: client: Reset all search buffer pointers when releasing buffer 56b06539b6782 arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs 9bea368648ac4 smb: client: Fix use-after-free in cifs_fill_dirent dc9bdfb9b0286 drm/edid: fixed the bug that hdr metadata was not reset 56081f5d14c67 thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature 8594a123cfa23 platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() e78908caf17cb pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() 0ae82a7abff8f pmdomain: renesas: rcar: Remove obsolete nullify checks a6ddbf9ae7884 vmxnet3: update MTU after device quiesce ba689e089369d net: dsa: microchip: linearize skb for tail-tagging switches 352fbde14177d can: kvaser_pciefd: Fix echo_skb race 8654c8a0528d0 can: kvaser_pciefd: Continue parsing DMA buf after dropped RX 80702f002b136 llc: fix data loss when reading from a socket in llc_ui_recvmsg() 4e22325b98245 ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 bf85e49aaf3a3 ALSA: pcm: Fix race of buffer access at PCM OSS layer 799d48c95f9b6 ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction 20e3fa3b7df9d ASoc: SOF: topology: connect DAI to a single DAI link 6a62b917fb55b ASoC: SOF: Intel: hda-bus: Use PIO mode on ACE2+ platforms 964d355832700 ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext 63567ecd99a24 can: bcm: add missing rcu read protection for procfs content cc55dd28c20a6 can: bcm: add locking for bcm_op runtime updates adb05149a9055 can: slcan: allow reception of short error messages 5300e487487d7 padata: do not leak refcount in reorder_work 2f45a8d64fb4e crypto: algif_hash - fix double free in hash_accept bcb1c946c761d clk: s2mps11: initialise clk_hw_onecell_data::num before accessing ::hws[] in probe() 4a7261089d1aa octeontx2-af: Fix APR entry mapping based on APR_LMT_CFG 92b04bac366f0 octeontx2-af: Set LMT_ENA bit for APR table entries 689a205cd968a net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done 41678d7222850 octeontx2-pf: Add AF_XDP non-zero copy support 49b21795b8e56 sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() 0a2422f97651c idpf: fix idpf_vport_splitq_napi_poll() 873ebaf3c1113 io_uring: fix overflow resched cqe reordering 845ef0462ac70 net: lan743x: Restore SGMII CTRL register on resume 8e4fd8e76dd7e net: dwmac-sun8i: Use parsed internal PHY address instead of 1 3e79182c82a11 pinctrl: qcom: switch to devm_register_sys_off_handler() cd7f022296972 loop: don't require ->write_iter for writable files in loop_configure f6f5e9c8cb680 idpf: fix null-ptr-deref in idpf_features_check 8c3b8ace9ce4a ice: Fix LACP bonds without SRIOV environment 7191b69eae0f5 ice: fix vf->num_mac count with port representors 233a227a317b0 bridge: netfilter: Fix forwarding of fragmented packets 0b7d3e782027a ptp: ocp: Limit signal/freq counts in summary output functions 6a1f9a709a616 Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling 1e8b7e96f71fe Bluetooth: L2CAP: Fix not checking l2cap_chan security level ca51db2316676 perf/x86/intel: Fix segfault with PEBS-via-PT with sample_freq 1c1fb885e5885 irqchip/riscv-imsic: Start local sync timer on correct CPU 2b49e68360eb6 ASoC: SOF: Intel: hda: Fix UAF when reloading module 4a39fbffad5cd devres: Introduce devm_kmemdup_array() 7207effe4743f driver core: Split devres APIs to device/devres.h ae344b9f842d9 dmaengine: fsl-edma: Fix return code for unhandled interrupts d31daa83efbab dmaengine: idxd: Fix ->poll() return value 252f78a9317ac xfrm: Sanitize marks before insert ae5e975a46e26 clk: sunxi-ng: d1: Add missing divider for MMC mod clocks 090aa8d51ec6c remoteproc: qcom_wcnss: Fix on platforms without fallback regulators 447c8f0c06190 kernel/fork: only call untrack_pfn_clear() on VMAs duplicated for fork() 7f5dc43b46205 x86/sev: Fix operator precedence in GHCB_MSR_VMPL_REQ_LEVEL macro d91576a2321d7 dmaengine: idxd: Fix allowing write() from different address spaces b1a687eb15bcf xfrm: Fix UDP GRO handling for some corner cases 9cbca30102028 espintcp: remove encap socket caching to avoid reference leak 28756f22de48d espintcp: fix skb leaks 153bc79b5d02c soundwire: bus: Fix race on the creation of the IRQ domain 8cafd7266fa02 __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock a0c50c9f9c912 drm/amd/display: Call FP Protect Before Mode Programming/Mode Support 211f589206459 xenbus: Allow PVH dom0 a non-local xenstore 5a8d073d87da4 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 b8581b4e4d96e wifi: iwlwifi: add support for Killer on MTL 1645fc1849ef0 block: only update request sector if needed 511ea82e344e0 tools: ynl-gen: validate 0 len strings from kernel 6e9770de02496 btrfs: avoid NULL pointer dereference if no valid csum tree 230c94ca3527d btrfs: handle empty eb->folios in num_extent_folios() 7f7c8c03feba5 btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref 92dff981dddff btrfs: compression: adjust cb->compressed_folios allocation type 5926bc887da2f ASoC: intel/sdw_utils: Add volume limit to cs42l43 speakers 6b1a9a7647097 cifs: Fix changing times and read-only attr over SMB1 smb_set_file_info() function 0a9920e1ff67d cifs: Fix and improve cifs_query_path_info() and cifs_query_file_info() ad3e83a6c8033 io_uring/fdinfo: annotate racy sq/cq head/tail reads ec462449f4cf6 nvmet-tcp: don't restore null sk_state_change 6a09b6bad09a6 ALSA: usb-audio: Fix duplicated name in MIDI substream names 6d196cae4b0b2 nvme-pci: add quirks for WDC Blue SN550 15b7:5009 ff214b079d55e nvme-pci: add quirks for device 126f:1001 35ec11b38588c ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx 8f76431c00b2d ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 63affdae7ff49 ASoC: cs42l43: Disable headphone clamps during type detection 4c7a0425fb620 platform/x86: ideapad-laptop: add support for some new buttons 2418bf5d383fa platform/x86: asus-wmi: Disable OOBE state after resume from hibernation 00fe4c0e46959 platform/x86/intel: hid: Add Pantherlake support aa000a4ee9897 smb: server: smb2pdu: check return value of xa_store() c134c62b9e97b pinctrl: meson: define the pull up/down resistor value as 60 kOhm 5863bd44ed2fa book3s64/radix: Fix compile errors when CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=n b5aa85b9b0c4c ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() 9fddd1f15465f drm: Add valid clones check 08150a6c83a9a drm/panel-edp: Add Starry 116KHD024006 aa52c70ae1322 drm/buddy: fix issue that force_merge cannot free all roots 135105287781e drm/atomic: clarify the rules around drm_atomic_state->allow_modeset 6ceef704e2bce drm/xe: Reject BO eviction if BO is bound to current VM 650c1769cfe9d drm/xe/sa: Always call drm_suballoc_manager_fini() 1cc37163730aa wifi: rtw89: coex: Separated Wi-Fi connecting event from Wi-Fi scan event c9db43696ed0e drm/xe: Do not attempt to bootstrap VF in execlists mode 274ae1044bd2c drm/xe: Move suballocator init to after display init 115360031be90 wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation e1fffcd1d75db drm/nouveau: fix the broken marco GSP_MSG_MAX_SIZE 878ccaf79c95f drm: bridge: adv7511: fill stream capabilities fb0d82562c078 wifi: ath12k: Fix end offset bit definition in monitor ring descriptor bb2d55681ee70 wifi: ath12k: Fetch regdb.bin file from board-2.bin a3f6e4682f3d4 wifi: ath9k: return by of_get_mac_address 331c0af96c034 drm/xe/pf: Reset GuC VF config when unprovisioning critical resource 63780d7352f0f accel/qaic: Mask out SR-IOV PCI resources a1e3f2ea66c0d wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override ff56fbf50eff9 regulator: ad5398: Add device tree support 697a6f8a91063 spi: zynqmp-gqspi: Always acknowledge interrupts c533839e0a48d wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet 9e9e974915908 wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate 0b63d246248f5 wifi: rtl8xxxu: retry firmware download on error ff5c6e3d251ea clk: renesas: rzg2l-cpg: Refactor Runtime PM clock validation 3a95341c65e4e perf/amd/ibs: Fix ->config to sample period calculation for OP PMU e225dbb03af65 perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt 46f1c2b508e33 firmware: arm_scmi: Relax duplicate name constraint across protocol ids ff84436446a02 bpftool: Fix readlink usage in get_fd_type c80b2d159c31f bpf: Use kallsyms to find the function name of a struct_ops's stub function c3fd672e6644a drm/ast: Find VBIOS mode from regular display size 538a82168e52b dm vdo: use a short static string for thread name prefix f8b4edbcf3531 dm vdo indexer: prevent unterminated string warning 0cc2aa7472085 irqchip/riscv-aplic: Add support for hart indexes a3300021d4875 ASoC: rt722-sdca: Add some missing readable registers 67f7080cb30e5 ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode b99c2faf40215 arm64: zynqmp: add clock-output-names property in clock nodes 9e3eaf7f750e1 HID: usbkbd: Fix the bit shift number for LED_KANA b5a1ef646ce13 wifi: ath12k: Avoid napi_sync() before napi_enable() dbb6efb3d8f34 scsi: st: Restore some drive settings after reset 1be28b37a6a7b scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails 609bc6e9c1869 scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk c670902775c20 scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine f5ce5628576dd net/mana: fix warning in the writer of client oob 7cc781374e20e drm/xe/relay: Don't use GFP_KERNEL for new transactions e2017f44c6d4a ice: count combined queues using Rx/Tx count 887e39ac4704e perf: Avoid the read if the count is already updated d402437cde36c rcu: fix header guard for rcu_all_qs() fcabb696743a4 rcu: handle unstable rdp in rcu_read_unlock_strict() 5cdaa970d73a4 rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y 65daba41f935e ice: treat dyn_allowed only as suggestion 3c8b4657a6d75 ice: init flow director before RDMA 58cdd1ee650b3 bridge: mdb: Allow replace of a host-joined group 76e56dbe508b3 net: flush_backlog() small changes ba59747562c49 r8169: don't scan PHY addresses > 0 ded26f9e4cdbe ipv4: ip_gre: Fix set but not used warning in ipgre_err() if IPv4-only a6644aeb8ddf1 vxlan: Annotate FDB data races 61e931ee145ee cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost b82e496531c57 net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled 91526279362d3 tools: ynl-gen: don't output external constants 37c07516ac6a5 eth: fbnic: set IFF_UNICAST_FLT to avoid enabling promiscuous mode when adding unicast addrs d2b58a10228a9 drm/rockchip: vop2: Improve display modes handling on RK3588 HDMI0 91c53b8cd81ce media: qcom: camss: Add default case in vfe_src_pad_code 85e0e03303390 media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available 1d15319323d84 f2fs: introduce f2fs_base_attr for global sysfs entries 77818483460b5 hwmon: (xgene-hwmon) use appropriate type for the latency value c4092cb06398f tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options 247b420fea798 net: page_pool: avoid false positive warning if NAPI was never added b063f36a929a3 clk: qcom: camcc-sm8250: Use clk_rcg2_shared_ops for some RCGs 2368794c0cf41 wifi: rtw89: call power_on ahead before selecting firmware 01edf9255f33d wifi: rtw89: fw: validate multi-firmware header before accessing f4c99c7b710b1 wifi: rtw89: fw: validate multi-firmware header before getting its size 2eb2cfca35801 wifi: rtw89: coex: Assign value over than 0 to avoid firmware timer hang 50f78100b9393 wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU 1c564864438b2 wifi: rtw88: Fix download_firmware_validate() for RTL8814AU 2a25d61107c6e ext4: remove writable userspace mappings before truncating page cache 73733c2fdb378 ext4: don't write back data before punch hole in nojournal mode 39255ab2edfb0 leds: trigger: netdev: Configure LED blink interval for HW offload 16ddd67bb5579 pstore: Change kmsg_bytes storage size to u32 556f53a8ec374 iio: adc: ad7944: don't use storagebits for sizing 7fea5a914001a r8152: add vendor/device ID pair for Dell Alienware AW1022z 9f2911868a733 ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). f9ab6efdee1ff arch/powerpc/perf: Check the instruction type before creating sample with perf_mem_data_src c2e02e2b21591 powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits 9aeaf1956e75a powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory 701118e6f621f net: fec: Refactor MAC reset to function 641ad8d64a08c wifi: mac80211: set ieee80211_prep_tx_info::link_id upon Auth Rx 8315b79220d2d wifi: mac80211: remove misplaced drv_mgd_complete_tx() call 26e384fafda89 wifi: mac80211: don't unconditionally call drv_mgd_complete_tx() 8e1800f1db7eb wifi: iwlwifi: don't warn during reprobe 15d8ceef9289f wifi: iwlwifi: use correct IMR dump variable 4d8fd111e0f55 mptcp: pm: userspace: flags: clearer msg if no remote addr 6a0997d78ffa3 wifi: ath12k: fix the ampdu id fetch in the HAL_RX_MPDU_START TLV 06daedb4439bb xfrm: prevent high SEQ input in non-ESN mode bbd6dc1fb6c56 drm/v3d: Add clock handling e5a69d1696323 net/mlx5e: reduce the max log mpwrq sz for ECPF and reps 74d153d8ec150 net/mlx5e: reduce rep rxq depth to 256 for ECPF af94d4f46c09a net/mlx5e: set the tx_queue_len for pfifo_fast a3a845ebc8f98 net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB 4a94ccac4930d net/mlx5: XDP, Enable TX side XDP multi-buffer support d4df87dae1444 scsi: target: spc: Fix loop traversal in spc_rsoc_get_descr() 9acae6e987058 drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() f5e9d0d206cbd drm/amdgpu: enlarge the VBIOS binary size limit 7ef18e2ffdc12 drm/amdgpu: Use active umc info from discovery 1bb46b5433a8a drm/amd/display: Populate register address for dentist for dcn401 af3d57ea9ec74 drm/amd/display: Use Nominal vBlank If Provided Instead Of Capping It e55c5704b12ee drm/amd/display: Increase block_sequence array size 17e40a52a1492 drm/amd/display: Initial psr_version with correct setting 563adeeeb0ffa drm/amd/display: Update CR AUX RD interval interpretation 47bfc7a02704f Revert "drm/amd/display: Exit idle optimizations before attempt to access PHY" 45068cc170ebf drm/amd/display: Support multiple options during psr entry. 4f4cb81def433 drm/amd/pm: Skip P2S load for SMU v13.0.12 a25d045ebfbce drm/amdgpu: reset psp->cmd to NULL after releasing the buffer ed2039d840a12 drm/amd/display: Don't try AUX transactions on disconnected link a8726bee7046d drm/amd/display: pass calculated dram_speed_mts to dml2 452807a863018 drm/amdgpu: Set snoop bit for SDMA for MI series 5ca70518bc23d drm/amdkfd: fix missing L2 cache info in topology 365d302ac763d drm/amdgpu/mes11: fix set_hw_resources_1 calculation 11c7fa11fa076 net: stmmac: dwmac-loongson: Set correct {tx,rx}_fifo_size 97dba4472e484 soundwire: cadence_master: set frame shape and divider based on actual clk freq c043867b654ec soundwire: amd: change the soundwire wake enable/disable sequence 164c9f5edf2ae phy: exynos5-usbdrd: fix EDS distribution tuning (gs101) ef31dc41cf67b phy: core: don't require set_mode() callback for phy_get_mode() to work afb512502f2d7 phy: phy-rockchip-samsung-hdptx: Swap the definitions of LCPLL_REF and ROPLL_REF a507a213e82ca pinctrl: renesas: rzg2l: Add suspend/resume support for pull up/down 5de11f82cbfd1 serial: sh-sci: Update the suspend/resume support e6e31b0182de5 sched: Reduce the default slice to avoid tasks getting an extra tick 9c5f85b72fa6d x86/traps: Cleanup and robustify decode_bug() eb6fd16b4fc4f x86/ibt: Handle FineIBT in handle_cfi_failure() b870651021223 drm/xe/debugfs: Add missing xe_pm_runtime_put in wedge_mode_set cf126a14584e5 drm/xe/debugfs: fixed the return value of wedged_mode_set 6469a2b1140d0 clk: qcom: clk-alpha-pll: Do not use random stack value for recalc rate 328a2ec198e70 clk: qcom: ipq5018: allow it to be bulid on arm32 01d28e67f567b drm/xe: Fix xe_tile_init_noalloc() error propagation 884d64e8e4dc6 drm/xe: Stop ignoring errors from xe_ttm_stolen_mgr_init() 50c5bbb45c7df net/mlx4_core: Avoid impossible mlx4_db_alloc() order value 69689d1138c85 media: v4l: Memset argument to 0 before calling get_mbus_config pad op 9a981079097be media: i2c: imx219: Correct the minimum vblanking value 12aeff4944dc6 kunit: tool: Use qboot on QEMU x86_64 8f5ce688c8318 smack: Revert "smackfs: Added check catlen" 316f2911fb11a smack: recognize ipv4 CIPSO w/o categories 5b1b4cb46d951 pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map c4260bf83b429 ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() 2ea042779621d ASoC: tas2764: Power up/down amp on mute ops 409c12ce79b33 ASoC: tas2764: Mark SW_RESET as volatile 8d8083881ecbb ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG 000dd6e3441fc ASoC: ops: Enforce platform maximum on initial value 83ea947238953 firmware: xilinx: Dont send linux address to get fpga config get status e1c4bb3774421 firmware: arm_ffa: Handle the presence of host partition in the partition info 3a3fab1be5a0c firmware: arm_ffa: Reject higher major version as incompatible 587386c56fb88 net/mlx5: Apply rate-limiting to high temperature warning c4e1ce22b9ab9 net/mlx5: Modify LSB bitmask in temperature event to include only the first bit 3770acff3110f media: test-drivers: vivid: don't call schedule in loop 2fe6284364423 irqchip/riscv-imsic: Set irq_set_affinity() for IMSIC base dc5f5c9d2bbc6 hrtimers: Replace hrtimer_clock_to_base_table with switch-case 7f131fda2654e vxlan: Join / leave MC group after remote changes 1fb8106316a21 ACPI: HED: Always initialize before evged 82b54455b6b7f PCI: Fix old_size lower bound in calculate_iosize() too 161cc125043a2 eth: mlx4: don't try to complete XDP frames in netpoll 46ba5757a7a47 bpf: copy_verifier_state() should copy 'loop_entry' field 2b129e89b8c6e bpf: don't do clean_live_states when state->loop_entry->branches > 0 eaeb67bd851ce can: c_can: Use of_property_present() to test existence of DT property a89326d35bf6f pmdomain: imx: gpcv2: use proper helper for property detection 3ccfdd5b33742 RDMA/core: Fix best page size finding when it can cross SG entries e6a46719a2369 serial: mctrl_gpio: split disable_ms into sync and no_sync APIs b14e726d57f61 drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink cee5d56fa783f Revert "drm/amd/display: Request HW cursor on DCN3.2 with SubVP" 775f3afa6ade1 drm/amd/display: Read LTTPR ALPM caps during link cap retrieval 1e826acee1165 drm/amd/display: Fix BT2020 YCbCr limited/full range input 2bba67f03071a drm/amd/display: Guard against setting dispclk low when active b02b561bf7692 drm/amd/display: Add support for disconnected eDP streams 94e6687ceda91 drm/amd/pm: Fetch current power limit from PMFW 098788e118d1e irqchip/riscv-imsic: Separate next and previous pointers in IMSIC vector d85004266a32c eeprom: ee1004: Check chip before probing 011a62d2d79ac mfd: axp20x: AXP717: Add AXP717_TS_PIN_CFG to writeable regs a82c0c3996771 i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) 7d0c92af8d355 EDAC/ie31200: work around false positive build warning 4593aaf48fc16 power: supply: axp20x_battery: Update temp sensor for AXP717 from device tree 6b1d3e9db82d0 net: pktgen: fix access outside of user given buffer in pktgen_thread_write() d37783f25a3c8 wifi: rtw89: 8922a: fix incorrect STA-ID in EHT MU PPDU 7dafba4e854cd wifi: rtw89: fw: add blacklist to avoid obsolete secure firmware 6ffcf25e63226 wifi: rtw89: fw: get sb_sel_ver via get_unaligned_le32() 1cbef396c5f3b wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() a4523765fa3a9 wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 adcc65afaa979 wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU 9a3f80a727aac wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU 1653c72dabfd6 scsi: mpt3sas: Send a diag reset if target reset fails b5038d313a3b7 PCI: epf-mhi: Update device ID for SA8775P 0b21e99cf638b clocksource: mips-gic-timer: Enable counter when CPUs start 1a3529f36f26e MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core 53f42776e435f genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie 5111c2e0cf2b6 x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() 95b8f2b7d9312 drm/amdgpu: remove all KFD fences from the BO on release af706d0e279fc MIPS: Use arch specific syscall name match function 9058b48578aea drm/xe/oa: Ensure that polled read returns latest data 4d9fa2ebc01c4 net: ipv6: Init tunnel link-netns before registering dev 897c98fb32801 crypto: skcipher - Zap type in crypto_alloc_sync_skcipher 9f27b38771b05 crypto: ahash - Set default reqsize from ahash_alg 562e512f6bf99 x86/kaslr: Reduce KASLR entropy on most x86 systems 0bdaab17a2a17 net/mlx5: Change POOL_NEXT_SIZE define value and make it global d2d76fc02543a scsi: scsi_debug: First fixes for tapes b55a97d1bd408 dm: fix unconditional IO throttle caused by REQ_PREFLUSH 2c600cbe33f20 libbpf: Fix out-of-bound read 20a53c3689a20 loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize 5b62f941eae80 scsi: mpi3mr: Update timestamp only for supervisor IOCs a68686c08b70b net/mlx5e: Add correct match to check IPSec syndromes for switchdev mode c2aa6567a6a48 media: tc358746: improve calculation of the D-PHY timing registers bb8fb041cba26 media: adv7180: Disable test-pattern control on adv7180 083383aba01f2 cpuidle: menu: Avoid discarding useful information 0d508cefcd24a vdpa/mlx5: Fix mlx5_vdpa_get_config() endianness on big-endian machines 6398dd09d50b4 vhost-scsi: Return queue full for page alloc failures during copy 7eb29d704d276 x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() 7bbfaa24c02f4 ASoC: mediatek: mt8188: Add reference for dmic clocks 4a21b57d83c55 ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile 6e5935b755b4a drm/amd/display: Fix mismatch type comparison 990e4fb37bcd4 drm/amd/display: fix dcn4x init failed 54dd746ed8a30 drm/amd/display: handle max_downscale_src_width fail check 5cab1de0cea28 x86/build: Fix broken copy command in genimage.sh when making isoimage de48b82dcf583 Octeontx2-af: RPM: Register driver with PCI subsys IDs 673dde8d3c3ec bpf: Search and add kfuncs in struct_ops prologue and epilogue 06100e642f4b8 soc: ti: k3-socinfo: Do not use syscon helper to build regmap 54ef1a89e287e wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band e39fd41117bd9 bonding: report duplicate MAC address in all situations f872f7aaa4cac net: xgene-v2: remove incorrect ACPI_PTR annotation 459b3f7cf0dcf net: ethernet: mtk_ppe_offload: Allow QinQ, double ETH_P_8021Q only 562b4f70bf88a leds: pwm-multicolor: Add check for fwnode_property_read_u32 b8fcb1cdbfc0c drm/xe: xe_gen_wa_oob: replace program_invocation_short_name 0d8562e358176 drm/amdkfd: KFD release_work possible circular locking 1dd943dfb56f8 pinctrl: sophgo: avoid to modify untouched bit when setting cv1800 pinconf baaf3084c2cb9 selftests/net: have `gro.sh -t` return a correct exit code 11e721443c564 net/mlx5: Avoid report two health errors on same syndrome 1f512005f497d drm/xe/pf: Create a link between PF and VF devices df888ad55f8f8 drm/xe/vf: Retry sending MMIO request to GUC on timeout error 3a3efeef64364 firmware: arm_ffa: Set dma_mask for ffa devices 12153e3948c59 PCI: brcmstb: Add a softdep to MIP MSI-X driver 3ffaa2e999380 PCI: brcmstb: Expand inbound window size up to 64GB 7add9c10ca284 wifi: ath12k: Report proper tx completion status to mac80211 1c2c538bbd602 soc: apple: rtkit: Implement OSLog buffers properly 92c6687ba951f soc: apple: rtkit: Use high prio work queue e359d62886cb1 perf: arm_pmuv3: Call kvm_vcpu_pmu_resync_el0() before enabling counters b38fbf98645be fpga: altera-cvp: Increase credit timeout 7857d8977e986 drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence 89800836bf32f ARM: at91: pm: fix at91_suspend_finish for ZQ calibration cd62e9d42fe76 hwmon: (gpio-fan) Add missing mutex locks e7e30a4a37d1e x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 0d232fa3b0769 clk: imx8mp: inform CCF of maximum frequency of clocks 2d6231d5ce9b6 media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value b98aad5e5ebf9 media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map 82209faa87f4a ublk: complete command synchronously on error 564f03a7970c2 block: mark bounce buffering as incompatible with integrity f7226dedac039 drm/rockchip: vop2: Add uv swap for cluster window f33b310eac36a ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). 3de322a98b365 scsi: logging: Fix scsi_logging_level bounds 500d22dbd9662 ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 592ba27580364 perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint type f9d15ef2e069d net: pktgen: fix mpls maximum labels list parsing 8d7e13c31c526 media: imx335: Set vblank immediately 4176d6f2a67b8 iommufd: Disallow allocating nested parent domain with fault ID af73c8fd7388d ublk: enforce ublks_max only for unprivileged devices c4f025a58eef1 dpll: Add an assertion to check freq_supported_num ebaed867bfd1e net: phy: nxp-c45-tja11xx: add match_phy_device to TJA1103/TJA1104 94df9fd015ace net: ethernet: ti: cpsw_new: populate netdev of_node 1a4a834f2af5b rcu: Fix get_state_synchronize_rcu_full() GP-start detection 5aba8ac434d8b pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" 4731d5328f507 media: cx231xx: set device_caps for 417 f29c876d72d71 perf/core: Clean up perf_try_init_event() cc714c89ef5a9 drm/amd/display: Request HW cursor on DCN3.2 with SubVP 1f2b3ea00717f drm/amd/display: Fix p-state type when p-state is unsupported e015cef8b78f6 drm/amd/display: Fix DMUB reset sequence for DCN401 682c4226f317e drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination 5bf0fd2bd5efb drm/amd/display: Ensure DMCUB idle before reset on DCN31/DCN35 a23f3910123b5 drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c 69bb5b3ae3480 remoteproc: qcom_wcnss: Handle platforms with only single power domain 95080412e9304 blk-throttle: don't take carryover for prioritized processing of metadata c4525b513de39 net: phylink: use pl->link_interface in phylink_expects_phy() 93f581d7634ff drm/gem: Test for imported GEM buffers with helper cd918ec24168f orangefs: Do not truncate file size 6ad0673ab24f0 soc: mediatek: mtk-mutex: Add DPI1 SOF/EOF to MT8188 mutex tables cc80a5cc52093 dm cache: prevent BUG_ON by blocking retries on failed device resumes 1c171908807cb usb: xhci: set page size to the xHCI-supported size 5520fed18df86 media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() 25056d1fe57eb ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 8fc16414c3ef7 soc: samsung: include linux/array_size.h where needed 4943c0bae1248 drm/xe: Retry BO allocation 623669ae7a820 drm/xe: Nuke VM's mapping upon close a3642d2d73a97 ieee802154: ca8210: Use proper setters and getters for bitwise types 3afa1610e5a4e rtc: ds1307: stop disabling alarms on probe 73d01bcbf2aad tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() a06861298554b ALSA: seq: Improve data consistency at polling 515a21a5e19ab powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 09193145d1180 arm64: tegra: Resize aperture for the IGX PCIe C5 slot 2f0044e20fab1 arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator ecaa856227ae4 drm/amdgpu: Fix missing drain retry fault the last entry c700730d816d6 drm/amdkfd: Set per-process flags only once cik/vi e1901e8e6bbc4 drm/amdkfd: Set per-process flags only once for gfx9/10/11/12 6a1706dfe0569 crypto: mxs-dcp - Only set OTP_KEY bit for OTP key 7caad075acb63 crypto: lzo - Fix compression buffer overrun f615e8d2dec67 misc: pci_endpoint_test: Give disabled BARs a distinct error code fe2329eff5bee PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops 1e0398a349e85 watchdog: aspeed: Update bootstatus handling d95fdee2253e6 cpufreq: tegra186: Share policy per cluster 11be3d3f956ba iommu/amd/pgtbl_v2: Improve error handling 9032252905664 coresight-etb10: change etb_drvdata spinlock's type to raw_spinlock_t 75ae2a3553611 badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0 7bd6061b0a44b ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() 84c069dc5fc89 auxdisplay: charlcd: Partially revert "Move hwidth and bwidth to struct hd44780_common" 53ce754286180 gfs2: Check for empty queue in run_queue ff11cd673e477 drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch ed7eda66b20cb drm/amd/display: not abort link train when bw is low 83e4f1de0802b drm/amd/display: calculate the remain segments for all pipes 65e51bc2803bb drm/amd/display: remove minimum Dispclk and apply oem panel timing. c1502fc84d1c6 ipv6: save dontfrag in cork faba68a86ab79 wifi: cfg80211: allow IR in 20 MHz configurations 22d8cc7f5d5a9 wifi: mac80211_hwsim: Fix MLD address translation 07709d31829fd wifi: mac80211: fix warning on disconnect during failed ML reconf a791a6bf02c49 wifi: iwlwifi: fix the ECKV UEFI variable name 7ce37a3ca0907 wifi: iwlwifi: mark Br device not integrated 181e8b56b74ad wifi: iwlwifi: fix debug actions order 1c55feb63827f wifi: iwlwifi: w/a FW SMPS mode selection 0446d34a853d9 wifi: iwlwifi: don't warn when if there is a FW error 101a3b9920a79 printk: Check CON_SUSPEND when unblanking a console 063ad8885c7c6 iommu: Keep dev->iommu state consistent a21f1607d0b3c hwmon: (dell-smm) Increment the number of fans aef1b639ae2a8 wifi: iwlwifi: mvm: fix setting the TK when associated 3a75fe58a164a usb: xhci: Don't change the status of stalled TDs on failed Stop EP 28306c58daf81 mmc: sdhci: Disable SD card clock before changing parameters 38828e0dc771c mmc: dw_mmc: add exynos7870 DW MMC support 8ad58a7eba6db arm64/mm: Check PUD_TYPE_TABLE in pud_bad() 6215143ad372d arm64/mm: Check pmd_table() in pmd_trans_huge() 4f89f257f32da phy: rockchip: usbdp: Only verify link rates/lanes/voltage when the corresponding set flags are set 236a87e9d2110 PNP: Expand length of fixup id string 21153e0974fcc netfilter: conntrack: Bound nf_conntrack sysctl writes 4210174827586 wifi: rtw89: set force HE TB mode when connecting to 11ax AP 3fb9ee05ec15f timer_list: Don't use %pK through printk() 6e816a97fa840 net: hsr: Fix PRP duplicate detection f933879c5b6a6 net: stmmac: dwmac-rk: Validate GRF and peripheral GRF during probe ae22452d15c89 posix-timers: Ensure that timer initialization is fully visible d0dc233fe2241 posix-timers: Add cond_resched() to posix_timer_add() search loop 135dde13b96d5 RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() 785ac69911332 ext4: do not convert the unwritten extents if data writeback fails 2f5f326214321 ext4: reject the 'data_err=abort' option in nojournal mode 3039f0c9c7554 clk: qcom: lpassaudiocc-sc7280: Add support for LPASS resets for QCM6490 3673382803c51 ASoC: sun4i-codec: support hp-det-gpios property de3c09de746f7 drm/amdgpu: Update SRIOV video codec caps 858425dc2df3e drm/amdgpu/gfx11: don't read registers in mqd init 73d437ae63ce6 drm/amdgpu/gfx12: don't read registers in mqd init 580750a317d7b mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check 27b19f29c9a06 pinctrl-tegra: Restore SFSEL bit when freeing pins f5363ffdabc2a xen: Add support for XenServer 6.1 platform device 8ef935698f3fd net/smc: use the correct ndev to find pnetid by pnetid table 174dedce648aa dm: restrict dm device size to 2^63-512 bytes ee87fc3a1271f crypto: octeontx2 - suppress auth failure screaming due to negative tests 572ed3fb99c4e kconfig: do not clear SYMBOL_VALID when reading include/config/auto.conf 61d7c8a753445 kbuild: fix argument parsing in scripts/config 555c0b713ca83 bpf: Allow pre-ordering for bpf cgroup progs 6c303960b1443 ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect e8358aa00ea7b ASoC: pcm6240: Drop bogus code handling IRQ as GPIO 0076b0423b2cd spi: spi-mux: Fix coverity issue, unchecked return value b35ccfdc8573e erofs: initialize decompression early c8c643809f4a1 thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer 2585e6cbd96eb objtool: Fix error handling inconsistencies in check() a0d34b9be2bee rtc: rv3032: fix EERD location dab35f4921f85 tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() 50452704ecbad jbd2: do not try to recover wiped journal e2520cc19b758 PCI: dwc: Use resource start as ioremap() input in dw_pcie_pme_turn_off() e658f2d94a74c bpf: Return prog btf_id without capable check 66e8f1d64b1b0 vfio/pci: Handle INTx IRQ_NOTCONNECTED 0268f485aa69f scsi: st: ERASE does not change tape location c6d366f8d24ff scsi: st: Tighten the page format heuristics with MODE SELECT 853a4e7439ef1 hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure 94c3cbc69abbb ext4: reorder capability check last a55ebe30f17a0 riscv: Call secondary mmu notifier when flushing the tlb 5cdd304662d54 bnxt_en: Query FW parameters when the CAPS_CHANGE bit is set 34253084291cb wifi: mwifiex: Fix HT40 bandwidth issue. 728945c962695 um: Update min_low_pfn to match changes in uml_reserved d6d2f664cbf3b um: Store full CSGSFS and SS register from mcontext 7790a9449cf43 clocksource/drivers/timer-riscv: Stop stimecmp when cpu hotplug 39ff1903246aa dlm: make tcp still work in multi-link env f3ea633a111e0 s390/tlb: Use mm_has_pgste() instead of mm_alloc_pgste() 1ea4653cff35c i3c: master: svc: Fix missing STOP for master request 94206e0d72f7a drm/amdgpu: adjust drm_firmware_drivers_only() handling 85bda883a634c drm/amd/display: Guard against setting dispclk low for dcn31x ca8fcb8bcef33 drm/amdgpu: release xcp_mgr on exit a5a507fa5f223 blk-cgroup: improve policy registration error handling c60f8684a8118 btrfs: send: return -ENAMETOOLONG when attempting a path that is too long c4845a09a1edd btrfs: get zone unusable bytes while holding lock at btrfs_reclaim_bgs_work() 0058c61d47ee1 btrfs: fix non-empty delayed iputs list on unmount due to async workers 8629f9d9a92e8 btrfs: run btrfs_error_commit_super() early a4840945f514c btrfs: avoid linker error in btrfs_find_create_tree_block() 1144874b41dcd btrfs: make btrfs_discard_workfn() block_group ref explicit 477a412a2f6cc i2c: pxa: fix call balance of i2c->clk handling routines 3b9cf1c0fafa2 i2c: qup: Vote for interconnect bandwidth to DRAM c6f2694c580c2 x86/mm: Check return value from memblock_phys_alloc_range() d0f9875257440 x86/microcode: Update the Intel processor flag scan check 8973fb71c9269 x86/smpboot: Fix INIT delay assignment for extended Intel Families 44e041675383b x86/stackprotector/64: Only export __ref_stack_chk_guard on CONFIG_SMP 63b7dade892b6 x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers ac3af695c4b00 wifi: mt76: mt7925: fix fails to enter low power mode in suspend state 8b526e4d944ae wifi: mt76: mt7925: load the appropriate CLC data based on hardware type c9c64da88e38d wifi: mt76: mt7996: revise TXS size 1d58321192052 wifi: mt76: mt7996: fix SER reset trigger on WED reset fa6c05122fb82 wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 8f82cf305efd6 cgroup/rstat: avoid disabling irqs for O(num_cpu) dca76ee1f02ae drm/amdgpu: Skip pcie_replay_count sysfs creation for VF 67bb2175095eb mmc: host: Wait for Vdd to settle on card power off 4005036642a27 staging: vchiq_arm: Create keep-alive thread during probe 123bcd8f42b7e pidfs: improve multi-threaded exec and premature thread-group leader exit polling 1d1e1efad1cf0 libnvdimm/labels: Fix divide error in nd_label_data_init() 37ac2434aae16 ext4: on a remount, only log the ro or r/w state when it has changed 3e10592b477ec xen/pci: Do not register devices with segments >= 0x10000 2a8bedeb963f0 PCI: vmd: Disable MSI remapping bypass under Xen 8b80fd3f76f2a drm/amdkfd: set precise mem ops caps to disabled for gfx 11 and 12 98e38fe7d3557 drm/amdgpu/discovery: check ip_discovery fw file available 1630224189cc4 pNFS/flexfiles: Report ENETDOWN as a connection error a1596965a7c82 tools/build: Don't pass test log files to linker 2780aa8394415 r8169: disable RTL8126 ZRX-DC timeout e63b634806a1d PCI: dwc: ep: Ensure proper iteration over outbound map windows c0c59a1f77665 objtool: Properly disable uaccess validation ac30595154da0 lockdep: Fix wait context check on softirq for PREEMPT_RT 44b79041c44ae dql: Fix dql->limit value when reset. f48ee562c095e Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken 7ec409ee15ac1 Bluetooth: btmtksdio: Prevent enabling interrupts after IRQ handler removal 7cfde2a482800 thermal/drivers/qoriq: Power down TMU on system suspend c347928320080 thermal/drivers/mediatek/lvts: Start sensor interrupts disabled 7b32d4e62c871 net: tn40xx: create swnode for mdio and aqr105 phy and add to mdiobus b07ba838aded8 net: tn40xx: add pci-id of the aqr105-based Tehuti TN4010 cards 9e542640c2e59 mctp: Fix incorrect tx flow invalidation condition in mctp-i2c c0d63ee0dd063 ASoC: codecs: wsa883x: Correct VI sense channel mask 780699001b8e2 ASoC: codecs: wsa884x: Correct VI sense channel mask ace57bd1fb49d spi-rockchip: Fix register out of bounds access dac9e6af5328f SUNRPC: rpcbind should never reset the port to the value '0' 984d8a392f6b3 SUNRPC: rpc_clnt_set_transport() must not change the autobind setting 71e07bb1556c7 NFSv4: Treat ENETUNREACH errors as fatal for state recovery 1e317f5781160 cifs: Fix establishing NetBIOS session for SMB2+ connection 51d44dba94e79 cifs: add validation check for the fields in smb_aces 15c961d7a9e5f cifs: Set default Netbios RFC1001 server name to hostname in UNC ff968e486e420 fbdev: core: tileblit: Implement missing margin clearing for tileblit 8c912c0a6860c fbcon: Use correct erase colour for clearing in fbcon 230abe5d3f68b fbdev: fsl-diu-fb: add missing device_remove_file() 6427b5c0f0aae riscv: Allow NOMMU kernels to access all of RAM 15787ab82a461 mailbox: use error ret code of of_parse_phandle_with_args() 2c80f975e94d5 mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() 2d21895e77c64 tpm: Convert warn to dbg in tpm2_start_auth_session() 2eb8f4701961b ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list 4f427ca9edf89 tracing: Mark binary printing functions with __printf() attribute b4c11dd41c40c iommufd: Extend IOMMU_GET_HW_INFO to report PASID capability e506751b7dd98 arm64: Add support for HIP09 Spectre-BHB mitigation 1a9b696a003ae SUNRPC: Don't allow waiting for exiting tasks ac83bf58f6876 NFS: Don't allow waiting for exiting tasks 46a47dc10fa78 NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() 01677e7ee12f2 io_uring/msg: initialise msg request opcode bab0bd138910e exfat: call bh_read in get_block only when necessary d40ca27602eab fuse: Return EPERM rather than ENOSYS from link() c9a508b6bbd2f smb: client: Store original IO parameters and prevent zero IO sizes 150f38eddefc4 cifs: Fix negotiate retry functionality 0705b6d5bc328 cifs: Fix querying and creating MF symlinks over SMB1 6ebb9d54eccc8 cifs: Add fallback for SMB2 CREATE without FILE_READ_ATTRIBUTES 100b452e0eeda s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log c42f740a07eea x86/fred: Fix system hang during S4 resume with FRED enabled 192b02f8c7ba8 kconfig: merge_config: use an empty file as initfile dac9d6ad5eaf7 samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora 8014d3e56ec0c bpf: fix possible endless loop in BPF map iteration 218c838d0356a io_uring: don't duplicate flushing in io_req_post_cqe 64f505b08e0cf block: fix race between set_blocksize and read paths e9f646f089bc3 selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure cd39fae34f094 drm/amdgpu: Allow P2P access through XGMI 36cb568f559ad drm/amd/display: Enable urgent latency adjustment on DCN35 9ece099e951a5 fs/ext4: use sleeping version of sb_find_get_block() f1c5aa614b5c2 fs/jbd2: use sleeping version of __find_get_block() aafc270531431 fs/ocfs2: use sleeping version of __find_get_block() a49a4a87cea36 fs/buffer: use sleeping version of __find_get_block() e138fc2316c32 fs/buffer: introduce sleeping flavors for pagecache lookups 4f5553a08fb74 fs/buffer: split locking for pagecache lookups 836917e7a65cd ima: process_measurement() needlessly takes inode_lock() on MAY_READ e22034cbee52b dma-mapping: Fix warning reported for missing prototype 7f7f70c316976 net: enetc: refactor bulk flipping of RX buffers to separate function 523c08f630a3d scsi: mpi3mr: Add level check to control event logging bd8c9404e44ad vhost-scsi: protect vq->log_used with vq->mutex f93675793bdcd vhost_task: fix vhost_task_create() documentation 97edaa0ec64c5 cgroup: Fix compilation issue due to cgroup_mutex not being exported 3eec42a17ad4d dma-mapping: avoid potential unused data compilation warning a8dd6b7b391d9 mei: vsc: Use struct vsc_tp_packet as vsc-tp tx_buf and rx_buf type de8c0b93a63cf intel_th: avoid using deprecated page->mapping, index fields 299881317756d dma/mapping.c: dev_dbg support for dma_addressing_limited b730cb109633c virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN 7aea1517fb6c9 scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices 87389bff743c5 scsi: target: iscsi: Fix timeout on deleted connection 1603a34b80ffb nvmem: qfprom: switch to 4-byte aligned reads 410f8b72e02c6 nvmem: core: update raw_len if the bit reading is required 4327479e559c0 nvmem: core: verify cell's raw_len a4f865ecdbdd2 nvmem: core: fix bit offsets of more than one byte d6abe0f6ade98 nvmem: rockchip-otp: add rk3576 variant data 49b4e88b559cd nvmem: rockchip-otp: Move read-offset into variant-data 3fc60952271b6 cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist c000fc26c431e phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off 918d43686271e phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data 64cf5b896fd39 phy: renesas: rcar-gen3-usb2: Move IRQ request in probe 0abae7dc42f21 i2c: designware: Fix an error handling path in i2c_dw_pci_probe() 0d1002c60cd47 i2c: designware: Use temporary variable for struct device 4fa55c5230f4c drm/amd/display: Defer BW-optimization-blocked DRR adjustments 5f05863810cfd drm/amd/display: Correct timing_adjust_pending flag setting. 839b2350b861f drm/amd/display: Do not enable replay when vtotal update is pending. 892f054b3fa2a drm/amd/display: Configure DTBCLK_P with OPTC only for dcn401 Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit fdb0a51598156f99aa91f7495d7eada92a459e97) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_6.12.bb | 6 ++-- .../linux/linux-yocto-tiny_6.12.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb index 2088717489..1f61008bd6 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb @@ -14,13 +14,13 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "3d3d56a846c993611859096016322dccea1317cd" -SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" +SRCREV_machine ?= "4127c6137af28c2c91ec79acee60fe4d4d70db9b" +SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" -LINUX_VERSION ?= "6.12.30" +LINUX_VERSION ?= "6.12.31" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb index 90a00f7cd5..d92862a426 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb @@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc # CVE exclusions include recipes-kernel/linux/cve-exclusion_6.12.inc -LINUX_VERSION ?= "6.12.30" +LINUX_VERSION ?= "6.12.31" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}" @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" +SRCREV_machine ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb index 52ffb9882f..4ecb8276ea 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb @@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base" KBRANCH:qemuloongarch64 ?= "v6.12/standard/base" KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "5c1cc01b780f83de6f9c0bacf45ffa2de68be95c" -SRCREV_machine:qemuarm64 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemuloongarch64 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemumips ?= "87d7d289ec3d56a1bd1d7a7c7cb46af8cf6c0f27" -SRCREV_machine:qemuppc ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemuriscv64 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemuriscv32 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemux86 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemux86-64 ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_machine:qemumips64 ?= "98a85ed93bd5eaefe30c4aa3f7c15549be2bd032" -SRCREV_machine ?= "0898369ce44f92eba60ae9bf0013bc4338ce840e" -SRCREV_meta ?= "3a5fec1707626251d69b7548f024856d838cc7db" +SRCREV_machine:qemuarm ?= "4260a7bd706072e6bec438cdc29f44845d380b21" +SRCREV_machine:qemuarm64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemuloongarch64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemumips ?= "681fad27d382f2e0eb53d1b46f9d35aa2332248f" +SRCREV_machine:qemuppc ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemuriscv64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemuriscv32 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemux86 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemux86-64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_machine:qemumips64 ?= "c32033ad8eac09b074c44a42e7d34d398df9d172" +SRCREV_machine ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" +SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same # meta SRCREV as the linux-yocto-standard builds. Select your version using the # normal PREFERRED_VERSION settings. BBCLASSEXTEND = "devupstream:target" -SRCREV_machine:class-devupstream ?= "e0e2f78243385e7188a57fcfceb6a19f723f1dff" +SRCREV_machine:class-devupstream ?= "df3f6d10f353de274cc7c87f52dba5d26f185393" PN:class-devupstream = "linux-yocto-upstream" KBRANCH:class-devupstream = "v6.12/base" @@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46" -LINUX_VERSION ?= "6.12.30" +LINUX_VERSION ?= "6.12.31" PV = "${LINUX_VERSION}+git" From patchwork Wed Jul 2 03:12:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66077 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C753C83038 for ; Wed, 2 Jul 2025 03:13:01 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.15058.1751425974152065311 for ; Tue, 01 Jul 2025 20:12:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=fx7cgvbE; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-74b50c71b0aso188388b3a.0 for ; Tue, 01 Jul 2025 20:12:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425973; x=1752030773; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zBuDlhW0QIiEDtNtEUtOkn4zZFNZI3jsa4VOwWgwTwQ=; b=fx7cgvbE7qF94Z+wkh4OZQgEloE9ZCB9BJuIs8/Ksk4TRXQHex9wslWIuV5AzKpK4d bveDkZF0VzNql5oph8pKVK3n48M8bpxd7RZp9r+KVHSFnCjpefDULgiIq+KFle239adF u3ohIAxtQuXbvADGdbjiyIBQcPBzANa8d5FhBlZU+qz2bXRu3lK5cGaM3+pBmcBA3qIQ 7rZ2dLuVuNdYErTSSXZRXcldKekR572mFRznn8ni1W8ya7/+AyIW1Iauv9k2pduaSgVw TVjlkyfBxIkmNSQNuV+PjS23J8yAP8p1s8kQh3cmBfeEUxERRXZ+0INfAB3TF4MBImTC UX/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425973; x=1752030773; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zBuDlhW0QIiEDtNtEUtOkn4zZFNZI3jsa4VOwWgwTwQ=; b=gqjzRFI6GyD3vFdH8hMaBeWPyiIyXIxn1ams97VtJdyjSUwdvpTrOYmS0Qv4dY01E1 QeNF6+jPysSB4+onnSOmTvyxnZStu+yryYwwD1fyoVRzOovrPrTMaEQYs5OJnCTIvm05 CkhgzR1PGFu9+TGOyRdkm9NrViEt78kp4Mk5my50hy5FTBZIFCeaDmpYwVuxxv2CSsjO Pv/2Dqov7Fb8b76yUdazjk9KCOF8F/AxfeHN0F+bimDJg8mBOMNC/G1xFCAKKxfQdaNk E9YONuOAHytFnx15qAUYzN+0TuhS+4HZ2rWLzJKC2jTBg2e6UwH+RfAf1mqx8h3gi2mE LsUQ== X-Gm-Message-State: AOJu0YyVxrD8RbJe3vKWFjm5Vah2bE/XbYYpNbGLixH6vGwcOWg7THG+ wUV/hm7eRFCta1fvvoja352oBzi46d6CcHiHeiTvzhBNd7PvjbfsrgE9d/evv+9/zETU5ffIrk1 G5BEo X-Gm-Gg: ASbGnctSV2cf+KhZkKUFTR/P2SXMW71SD0gERrRXwqIdkTaeL2NoM+xuw+Pd1nGOVkI F8uqZQaeNi/E581qmRzZLyspZvIvieGcdHl2+yYX+EHSQ0M+lrinUxIzkbO5ge4avbu4c82FKMF CQalnf0WKgQthm2buSBR3TedvxBUwMH05SkAmkTOMbNMEQHYuiihfenrdfZhgZAT+13MwunUqYz UpR9Ti/notJCAGBum9bj1V6tRyieqedznwVeGP1oqmsQru/2aExe1S4raW4CiEd6byp8qpBti/b eN7J2e22TKWphEhrMUrRLHFBPqjubu+0+5h9FJuW5DHwHFOoHWFIsmv0Ra/fv/PE X-Google-Smtp-Source: AGHT+IHiNS292cJJBG7eDPFkk7uSfnRut0eI8AvRLbLLCRB+EPcjS4ntlhvhMvGmHodvEjUZ2oQ2cA== X-Received: by 2002:a05:6a20:d80a:b0:216:5f67:98f7 with SMTP id adf61e73a8af0-222d7f071ffmr2122195637.33.1751425973348; Tue, 01 Jul 2025 20:12:53 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 18/19] linux-yocto: refresh CVE exclusion list for 6.12.31 Date: Tue, 1 Jul 2025 20:12:03 -0700 Message-ID: <2b8fb722cd3cbc8f41315b2d88302bcf77bb681b.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:13:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219772 From: Ross Burton Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 890041f5ed06be1c0a655030af35484d98fe3e7a) Signed-off-by: Steve Sakoman --- .../linux/cve-exclusion_6.12.inc | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc index d33880eae0..199ea019d5 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc @@ -1,11 +1,11 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2025-05-29 10:54:43.823437+00:00 for kernel version 6.12.30 -# From cvelistV5 cve_2025-05-29_1000Z-1-g4f2590b715f +# Generated at 2025-06-05 16:29:20.725105+00:00 for kernel version 6.12.31 +# From cvelistV5 cve_2025-06-05_1600Z python check_kernel_cve_status_version() { - this_version = "6.12.30" + this_version = "6.12.31" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -5054,8 +5054,6 @@ CVE_STATUS[CVE-2023-53023] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53024] = "fixed-version: Fixed from version 6.2" -CVE_STATUS[CVE-2023-53025] = "fixed-version: Fixed from version 6.2" - CVE_STATUS[CVE-2023-53026] = "fixed-version: Fixed from version 6.2" CVE_STATUS[CVE-2023-53028] = "fixed-version: Fixed from version 6.1.8" @@ -12564,8 +12562,6 @@ CVE_STATUS[CVE-2025-37780] = "cpe-stable-backport: Backported in 6.12.25" CVE_STATUS[CVE-2025-37781] = "cpe-stable-backport: Backported in 6.12.25" -CVE_STATUS[CVE-2025-37782] = "cpe-stable-backport: Backported in 6.12.25" - CVE_STATUS[CVE-2025-37783] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-37784] = "cpe-stable-backport: Backported in 6.12.25" @@ -12660,8 +12656,6 @@ CVE_STATUS[CVE-2025-37830] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37831] = "cpe-stable-backport: Backported in 6.12.26" -CVE_STATUS[CVE-2025-37832] = "cpe-stable-backport: Backported in 6.12.26" - CVE_STATUS[CVE-2025-37833] = "cpe-stable-backport: Backported in 6.12.26" CVE_STATUS[CVE-2025-37834] = "cpe-stable-backport: Backported in 6.12.26" @@ -12978,6 +12972,20 @@ CVE_STATUS[CVE-2025-37991] = "cpe-stable-backport: Backported in 6.12.28" CVE_STATUS[CVE-2025-37992] = "cpe-stable-backport: Backported in 6.12.30" +CVE_STATUS[CVE-2025-37993] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37994] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37995] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37996] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-37997] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37998] = "cpe-stable-backport: Backported in 6.12.29" + +CVE_STATUS[CVE-2025-37999] = "cpe-stable-backport: Backported in 6.12.29" + CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23" # CVE-2025-38104 needs backporting (fixed from 6.15) From patchwork Wed Jul 2 03:12:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 66078 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1202CC8303D for ; Wed, 2 Jul 2025 03:13:01 +0000 (UTC) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mx.groups.io with SMTP id smtpd.web10.15060.1751425975660734193 for ; Tue, 01 Jul 2025 20:12:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=kRiBMh8X; spf=softfail (domain: sakoman.com, ip: 209.85.210.179, mailfrom: steve@sakoman.com) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-7399a2dc13fso4848624b3a.2 for ; Tue, 01 Jul 2025 20:12:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751425975; x=1752030775; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CyaMVJCtbVTUUadfSSC5KMTnf/pJIrofZuGkYjAGLhg=; b=kRiBMh8XjghFqNwOsTQ+gJVmIitwKZHGFKc2Veuhd05/0bDA9pbSg1ox3dsYnrWzD6 mVg3nN/VhLKUU2OekjX//Erg/jMj0RaLszgDS8cC1AXyn13UK5GWbgLe2uZuwJxGFmg6 7Wsu2gxs2Az9INvwHl59VrLWQnuergXwjh/f3adcjqAErjLM7VvQDFh5WoYuzTT/wVEF k8lN/QJhzZwMJxm0duI3FkMileEwOF8tMtVNjdQN8atnjbZE94DBN+l8vpq4lB0kaxA6 M/QyQlZN9D2MhrDtV7r7oEVCX4vJr49c3fcZ2Q2wX8NN9jNAOXmoVjJcH6pybfIR5iJS 9kAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751425975; x=1752030775; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CyaMVJCtbVTUUadfSSC5KMTnf/pJIrofZuGkYjAGLhg=; b=EjMWSlvwzacYdPjjj/jNVQrjPmMlds0WzwvtLdQZwO8ehxNZWVtEZX0Ct95fG/Vda5 KujWhbZS3QWZuYeJoM4xtEsuZXg0wPpQs5OMQGuhBXXtRyxRlvDoajJcJVgsHFUNdscx U+ZGKx9cfnsXqVLYURPEeY1pz7F5pt9AySM1QD4PEw+d0eymKvGcsVynAyThAcXrD8i+ mcKccLGAkWUBuX2W7+mJRiw4ZvG9HiiUQgKwH9jwXVPN2Q/btOZZB64FFigZfd+5OVH4 AAH0xoPQuqzoCIeoYegjvE5u2Ag7G48W9S6DxzFj6TjM3rYJA1x/8wnX7L8OmXCDT/oN IxuQ== X-Gm-Message-State: AOJu0Yx9BmBnV/F1IGSLz3rOpzErGwANUJqQq5y5brj2hrRgH3UJz1d1 VXtkYxOUflnWioI/fQdVFX+LH5UPj22jnVY4JxmMbw8Da2FZ6Fq79vqGabk1b7+gUGqph5+EZTr 5XGNE X-Gm-Gg: ASbGncv2hn2y1JnZiHooIfJQn6fQ0Yej1O7qlLm75iVVHIIF3tzGDVSEg11hnHpVyj3 4nsi7Y88pb8cOOtbg9CyljtT9tzmSry7T4A5lS+GX54OS34URUo+iBtS18s2MRUJPEgQ4bldRVi aIcZcs/JXhdcuW/8NRBkoNt98ZjPUy9asNvaL0ld90QCxchtm67CNp/1FbrYzPPT0j+D7zo9wYU YWLfAhhF6zLAYfpb1VnCgFKOyAU5P7tHETGH00qzgr6d4kliyjhgwUULH2n3jbQ9tkFHyJZDgls lec69IgP6UTjWbRwDGV8d0tmqSgDueuxmytKZrcXqWPEBQdcA4ziEA== X-Google-Smtp-Source: AGHT+IEfRFnrXHdbg43Qqd/puZcybM7YpKpYjPerSvSSfgAJciurpQDQgGSTXSAkmvVmgpfmaDPqfQ== X-Received: by 2002:a05:6a00:2289:b0:746:3200:620 with SMTP id d2e1a72fcca58-74b50f00f95mr1663252b3a.9.1751425974832; Tue, 01 Jul 2025 20:12:54 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-74af58069a9sm13633241b3a.174.2025.07.01.20.12.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 20:12:54 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 19/19] linux-yocto/6.12: libbpf: silence maybe-uninitialized warning from clang Date: Tue, 1 Jul 2025 20:12:04 -0700 Message-ID: <0454186eeceafb8e0bd2b29ac2f8b46f9601f65d.1751425749.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 02 Jul 2025 03:13:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219773 From: Bruce Ashfield Integrating the following commit(s) to linux-yocto/6.12: 1/1 [ Author: Ross Burton Email: ross.burton@arm.com Subject: libbpf: silence maybe-uninitialized warning from clang Date: Wed, 4 Jun 2025 21:22:23 +0100 perf is build with -Werror, but clang 20.1.6 (incorrectly) finds that mod_len may be used uninitialized: libbpf.c: In function 'find_kernel_btf_id.constprop': libbpf.c:10009:33: error: 'mod_len' may be used uninitialized [-Werror=maybe-uninitialized] 10009 | if (mod_name && strncmp(mod->name, mod_name, mod_len) != 0) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ libbpf.c:9979:21: note: 'mod_len' was declared here 9979 | int ret, i, mod_len; | ^~~~~~~ Inspecting the code it can be seen that mod_len is set if mod_name is set, and the strncmp() is only called if mod_name is set, so this is a false positive (interestingly, clang doesn't spot the same issue above). Silence the false positive by explicitly initializing mod_len to 0. Signed-off-by: Ross Burton Signed-off-by: Bruce Ashfield ] Signed-off-by: Bruce Ashfield Signed-off-by: Richard Purdie (cherry picked from commit 43f6b7795170f0e571265f22bcef51554684206f) Signed-off-by: Steve Sakoman --- .../linux/linux-yocto-rt_6.12.bb | 4 ++-- .../linux/linux-yocto-tiny_6.12.bb | 4 ++-- meta/recipes-kernel/linux/linux-yocto_6.12.bb | 24 +++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb index 1f61008bd6..5a7bad9017 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb @@ -14,8 +14,8 @@ python () { raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it") } -SRCREV_machine ?= "4127c6137af28c2c91ec79acee60fe4d4d70db9b" -SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" +SRCREV_machine ?= "7cb6d42c40de351ecab0a083aef260f84407de0d" +SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648" SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \ git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb index d92862a426..0fad73dddd 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb @@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native" KMETA = "kernel-meta" KCONF_BSP_AUDIT_LEVEL = "2" -SRCREV_machine ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" +SRCREV_machine ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648" PV = "${LINUX_VERSION}+git" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb index 4ecb8276ea..55660830db 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb @@ -18,18 +18,18 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base" KBRANCH:qemuloongarch64 ?= "v6.12/standard/base" KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64" -SRCREV_machine:qemuarm ?= "4260a7bd706072e6bec438cdc29f44845d380b21" -SRCREV_machine:qemuarm64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemuloongarch64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemumips ?= "681fad27d382f2e0eb53d1b46f9d35aa2332248f" -SRCREV_machine:qemuppc ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemuriscv64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemuriscv32 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemux86 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemux86-64 ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_machine:qemumips64 ?= "c32033ad8eac09b074c44a42e7d34d398df9d172" -SRCREV_machine ?= "fee8195f8412ff8f1bfc50ba86cdb8f20de22750" -SRCREV_meta ?= "f2f3b6cbd91743920e2cb55998c53326855b2e9c" +SRCREV_machine:qemuarm ?= "37a1fd13ca538e7785daf01434495a614bc55ead" +SRCREV_machine:qemuarm64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemuloongarch64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemumips ?= "2bcf58ea5aa19d54c436e63c59ab09b307e9ee8e" +SRCREV_machine:qemuppc ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemuriscv64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemuriscv32 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemux86 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemux86-64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_machine:qemumips64 ?= "6470f58a8f04951f202cf85afb4421d2e7ec9995" +SRCREV_machine ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0" +SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648" # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll # get the /base branch, which is pure upstream -stable, and the same