From patchwork Thu Feb 26 18:01:42 2026
X-Patchwork-Submitter: "Marko, Peter"
X-Patchwork-Id: 82034
X-Patchwork-Delegate: yoann.congal@smile.fr
From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Peter Marko Subject: [OE-core][whinlatter][PATCH 1/2] linux-yocto: apply cve-exclusions also to rt and tiny recipe variants Date: Thu, 26 Feb 2026 19:01:42 +0100 Message-Id: <20260226180143.11435-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 18:02:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232056 From: Peter Marko Version is the same as base kernel, only configuration differs. There is no reason to not apply the exclusions to all variants. This commit is equivalent of master commit 77fb0331ecc0cb9eff6a711c2a7889f2f6bdda92 Signed-off-by: Peter Marko --- meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb | 1 + meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb | 1 + meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb | 1 + meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb | 1 + 4 files changed, 4 insertions(+) diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb index e720629b14..5816902a7f 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb @@ -3,6 +3,7 @@ KBRANCH ?= "v6.12/standard/preempt-rt/base" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.12.inc # Skip processing of this recipe if it is not explicitly specified as the diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb index d1f7e76501..2b54315670 100644 --- a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb +++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb 
@@ -3,6 +3,7 @@ KBRANCH ?= "v6.16/standard/preempt-rt/base" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.16.inc # Skip processing of this recipe if it is not explicitly specified as the diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb index 164557eaa0..5828ff986b 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb @@ -6,6 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.12.inc LINUX_VERSION ?= "6.12.69" diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb index ef904adad4..92c26d42e3 100644 --- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb +++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb 
@@ -6,6 +6,7 @@ KCONFIG_MODE = "--allnoconfig" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.16.inc LINUX_VERSION ?= "6.16.11"
From patchwork Thu Feb 26 18:01:43 2026
X-Patchwork-Submitter: "Marko, Peter"
X-Patchwork-Id: 82033
X-Patchwork-Delegate: yoann.congal@smile.fr
From: Peter Marko To: openembedded-core@lists.openembedded.org Cc: Peter Marko , Mathieu Dubois-Briand , Richard Purdie Subject: [OE-core][whinlatter][PATCH 2/2] cve-exclusions: set status for 5 CVEs Date: Thu, 26 Feb 2026 19:01:43 +0100 Message-Id: <20260226180143.11435-2-peter.marko@siemens.com> In-Reply-To: <20260226180143.11435-1-peter.marko@siemens.com> References: <20260226180143.11435-1-peter.marko@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-256628:519-21489:flowmailer List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 18:02:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232057 From: Peter Marko Reuse work of Debian researchers and set status for fixed CVEs accordingly. These are not tracked by kernel itself, so generated exclusions won't help here. * https://security-tracker.debian.org/tracker/CVE-2022-38096 * https://security-tracker.debian.org/tracker/CVE-2023-39176 * https://security-tracker.debian.org/tracker/CVE-2023-39179 * https://security-tracker.debian.org/tracker/CVE-2023-39180 * https://security-tracker.debian.org/tracker/CVE-2023-6535 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (From OE-Core rev: 699dbbdf3ab2693bae8a7e0425e2519250fdfec4) Signed-off-by: Peter Marko --- meta/recipes-kernel/linux/cve-exclusion.inc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc index 80c76433ef..7d68a9bbaa 100644 --- a/meta/recipes-kernel/linux/cve-exclusion.inc +++ b/meta/recipes-kernel/linux/cve-exclusion.inc 
@@ -157,3 +157,19 @@ CVE_STATUS[CVE-2023-7042] = "fixed-version: Fixed from 6.9rc1" #Fix https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7315dc1e122c85ffdfc8defffbb8f8b616c2eb1a CVE_STATUS[CVE-2024-0193] = "fixed-version: Fixed from 6.7" + +# Fix https://git.kernel.org/linus/517621b7060096e48e42f545fa6646fc00252eac +CVE_STATUS[CVE-2022-38096] = "fixed-version: Fixed from 6.9" + +# Fix https://git.kernel.org/linus/5aa4fda5aa9c2a5a7bac67b4a12b089ab81fee3c +# Fix https://git.kernel.org/linus/79ed288cef201f1f212dfb934bcaac75572fb8f6 +CVE_STATUS[CVE-2023-39176] = "fixed-version: Fixed from 6.5" + +# Fix https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf +CVE_STATUS[CVE-2023-39179] = "fixed-version: Fixed from 6.5" +CVE_STATUS[CVE-2023-39180] = "fixed-version: Fixed from 6.5" + +# Fix https://git.kernel.org/linus/efa56305908ba20de2104f1b8508c6a7401833be +# Fix https://git.kernel.org/linus/0849a5441358cef02586fb2d60f707c0db195628 +# Fix https://git.kernel.org/linus/9a1abc24850eb759e36a2f8869161c3b7254c904 +CVE_STATUS[CVE-2023-6535] = "fixed-version: Fixed from 6.8"
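Review bot: In the cve-exclusion.inc hunk (PATCH 2/2), the CVE-2023-39180 entry has no "# Fix" line of its own; it sits directly under CVE-2023-39179 and is tied to the e202a1e8634b link only by position. If both CVEs are closed by that one commit, a short comment saying so would keep the link attached when the file is later reordered or extended. The added comments are written "# Fix" with a space and use the git.kernel.org/linus/ short form, while the context line just above is "#Fix" with a full stable-tree commit URL; one form across the file would be easier to grep. The neighbouring CVE-2023-7042 entry records an rc ("Fixed from 6.9rc1") whereas the new entries give 6.5, 6.8 and 6.9 without saying whether that is the first rc carrying the fix or the final release, which is worth stating in the commit message.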
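Review bot: In the four recipe hunks of PATCH 1/2 (linux-yocto-rt and linux-yocto-tiny, 6.12 and 6.16), the added line uses "include", which BitBake skips without an error when the file is not found, so a wrong path or a layer that drops cve-exclusion.inc would leave the rt and tiny kernels reporting these CVEs again with no signal at parse time. "require" would surface that; if "include" is kept to match the existing cve-exclusion_6.x.inc line below it, the commit message should say that this is deliberate. The placement also matters: cve-exclusion.inc is parsed before the per-version file, so for a CVE set in both, the later per-version assignment wins, and a one-line comment above the pair would record that the order is intended.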