[PATCH 0/7] linux-yocto: -stable and -dev updates

[PATCH 0/7] linux-yocto: -stable and -dev updates

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Richard,

Here's the next round of 6.18/6.12 stable updates, as well as a
bump of the -dev kernel to 6.19.

We are getting closer, but not quite ready to remove 6.12 from
master.

Bruce


OE-core (7):
  linux-yocto/6.12: update to v6.12.65
  linux-yocto/6.12: update CVE exclusions (6.12.65)
  linux-yocto/6.12: update to v6.12.66
  linux-yocto/6.12: update CVE exclusions (6.12.66)
  linux-yocto/6.18: update to v6.18.6
  linux-yocto/6.18: update CVE exclusions (6.18.6)
  linux-yocto-dev: update to 6.19

 OE-core:
 meta/recipes-kernel/linux/cve-exclusion_6.12.inc   | 294 ++++++++++++++++++++-
 meta/recipes-kernel/linux/cve-exclusion_6.18.inc   | 286 +++++++++++++++++++-
 meta/recipes-kernel/linux/linux-yocto-dev.bb       |   4 +-
 meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb   |   6 +-
 meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb   |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.12.bb      |  28 +-
 meta/recipes-kernel/linux/linux-yocto_6.18.bb      |  24 +-
 9 files changed, 610 insertions(+), 50 deletions(-)

-- 
2.43.0

[meta][PATCH 01/07] linux-yocto/6.12: update to v6.12.65

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:

    39cb076c7dc7 Linux 6.12.65
    b00d41629d81 Revert "iommu/amd: Skip enabling command/event buffers for kdump"
    69f542a54578 pwm: stm32: Always program polarity
    828b59fdf8ef virtio_console: fix order of fields cols and rows
    1b9c118fe318 sched/fair: Proportional newidle balance
    c6ae271bc5fd sched/fair: Small cleanup to update_newidle_cost()
    52aa889c6f57 sched/fair: Small cleanup to sched_balance_newidle()
    4888e1dcc341 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
    b03136582acb cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes
    c4d18e9540bf drm/amdgpu: Forward VMID reservation errors
    585dbb5cdbb8 net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration
    7b240a8935d5 wifi: mac80211: Discard Beacon frames to non-broadcast address
    1c7c3a9314d8 mptcp: ensure context reset on disconnect()
    58a32633d124 mm: consider non-anon swap cache folios in folio_expected_ref_count()
    11f66b84fa7e mm: simplify folio_expected_ref_count()
    914769048818 mm/page_alloc: change all pageblocks migrate type on coalescing
    79f80a7a4784 mptcp: fallback earlier on simult connection

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.12.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.12.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 4113aaa21e..254a4b9c9f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "07aa4b788a9075e4aaf221026df896d245d40a3a"
-SRCREV_meta ?= "cc667785e15dd19fa8c38117d76ac1c7d60b5ec7"
+SRCREV_machine ?= "9f8581c660c7b402312572cbf9cbe03833ed20aa"
+SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.64"
+LINUX_VERSION ?= "6.12.65"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 5a536f0d5a..6aa9dd7d56 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.64"
+LINUX_VERSION ?= "6.12.65"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_meta ?= "cc667785e15dd19fa8c38117d76ac1c7d60b5ec7"
+SRCREV_machine ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index a5184e5812..62f7e8a9bd 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "e7f4f79edddeab38061c2f88220becde45e3500c"
-SRCREV_machine:qemuarm64 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemuloongarch64 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemumips ?= "a6540c970a91fa542babab0633acbd69818686a3"
-SRCREV_machine:qemuppc ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemuriscv64 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemuriscv32 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemux86 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemux86-64 ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_machine:qemumips64 ?= "4b238545c28a667ddd67ff02cb8efb018a5df96c"
-SRCREV_machine ?= "9bd003fd4f7eb668ec3c1d7c5eae095d4b3764bd"
-SRCREV_meta ?= "cc667785e15dd19fa8c38117d76ac1c7d60b5ec7"
+SRCREV_machine:qemuarm ?= "b9671eac4ed537384b52ae04e7e1c728b631fb13"
+SRCREV_machine:qemuarm64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemuloongarch64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemumips ?= "bb006b07c2a942338e7f52070f8026791f30c5f0"
+SRCREV_machine:qemuppc ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemuriscv64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemuriscv32 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemux86 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemux86-64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_machine:qemumips64 ?= "d9af48f273a9d87a61a46c93d7642d9e72947514"
+SRCREV_machine ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
+SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "1a4a7249e794de9e022baabe6387d9c0f831b0be"
+SRCREV_machine:class-devupstream ?= "39cb076c7dc7e44e3cab5c82ffda16a550ed8436"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.64"
+LINUX_VERSION ?= "6.12.65"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.43.0

[meta][PATCH 02/07] linux-yocto/6.12: update CVE exclusions (6.12.65)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 10 changes (7 new | 3 updated): - 7 new CVEs: CVE-2025-61937, CVE-2025-61943, CVE-2025-64691, CVE-2025-64729, CVE-2025-64769, CVE-2025-65117, CVE-2025-65118 - 3 updated CVEs: CVE-2025-7195, CVE-2025-9903, CVE-2025-9904
        Date: Fri, 16 Jan 2026 00:42:12 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 284 +++++++++++++++++-
 1 file changed, 280 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index c08b091825..6ab3bd2bb3 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-12 18:49:23.230016+00:00 for kernel version 6.12.64
-# From linux_kernel_cves cve_2026-01-12_1800Z-2-g66e4b29f774
+# Generated at 2026-01-16 00:43:33.551663+00:00 for kernel version 6.12.65
+# From linux_kernel_cves 2026-01-16_baseline-1-gc984786b0cf
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.64"
+    this_version = "6.12.65"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -16104,7 +16104,7 @@ CVE_STATUS[CVE-2025-22107] = "cpe-stable-backport: Backported in 6.12.59"
 
 CVE_STATUS[CVE-2025-22110] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-22111 may need backporting (fixed from 6.12.65)
+CVE_STATUS[CVE-2025-22111] = "cpe-stable-backport: Backported in 6.12.65"
 
 CVE_STATUS[CVE-2025-22112] = "cpe-stable-backport: Backported in 6.12.35"
 
@@ -20024,3 +20024,279 @@ CVE_STATUS[CVE-2025-68765] = "cpe-stable-backport: Backported in 6.12.63"
 
 CVE_STATUS[CVE-2025-68766] = "cpe-stable-backport: Backported in 6.12.63"
 
+CVE_STATUS[CVE-2025-68767] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-68768 needs backporting (fixed from 6.19rc2)
+
+CVE_STATUS[CVE-2025-68769] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68770] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68771] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68772] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68773] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68774] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68775] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68776] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68777] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68778] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68779] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-68780] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68781] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68782] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68783] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68784] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68785] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68786] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68787] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68788] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68789] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68790] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-68791] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2025-68792 needs backporting (fixed from 6.19rc1)
+
+CVE_STATUS[CVE-2025-68793] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-68794] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68795] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68796] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68797] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68798] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68799] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68800] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68801] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68802] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68803] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68804] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68805] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-68806] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68807] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-68808] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68809] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68810] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68811] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68812] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-68813] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68814] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68815] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68816] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68817] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68818] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68819] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68820] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68821] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-68822] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-68823 needs backporting (fixed from 6.19rc2)
+
+CVE_STATUS[CVE-2025-71064] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71065] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71066] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71067] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71068] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71069] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71070] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-71071] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71072] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71073] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-71074 needs backporting (fixed from 6.19rc1)
+
+CVE_STATUS[CVE-2025-71075] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71076] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71077] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71078] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71079] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71080] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71081] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71082] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71083] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71084] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71085] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71086] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71087] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71088] = "cpe-stable-backport: Backported in 6.12.65"
+
+CVE_STATUS[CVE-2025-71089] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71090] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-71091] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71092] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71093] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71094] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71095] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71096] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71097] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71098] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71099] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71100] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71101] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71102] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71103] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71104] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71105] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71106] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71107] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71108] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71109] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71110] = "fixed-version: only affects 6.18 onwards"
+
+CVE_STATUS[CVE-2025-71111] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71112] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71113] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71114] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71115] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-71116] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-71117 needs backporting (fixed from 6.19rc1)
+
+CVE_STATUS[CVE-2025-71118] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71119] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71120] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71121] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71122] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71123] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71124] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-71125] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71126] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71127] = "cpe-stable-backport: Backported in 6.12.65"
+
+CVE_STATUS[CVE-2025-71128] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-71129] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71130] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71131] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71132] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71133] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71134] = "cpe-stable-backport: Backported in 6.12.65"
+
+CVE_STATUS[CVE-2025-71135] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71136] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71137] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71138] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71139] = "fixed-version: only affects 6.17 onwards"
+
+CVE_STATUS[CVE-2025-71140] = "cpe-stable-backport: Backported in 6.12.64"
+
+# CVE-2025-71141 needs backporting (fixed from 6.19rc1)
+
+CVE_STATUS[CVE-2025-71142] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.12.64"
+
+CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.12.65"
+
-- 
2.43.0

[meta][PATCH 03/07] linux-yocto/6.12: update to v6.12.66

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:

    f6044d1fd846 Linux 6.12.66
    9e3f8fa53348 bpf: test_run: Fix ctx leak in bpf_prog_test_run_xdp error path
    f8b406198778 ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback
    47e676ce4d68 tpm2-sessions: Fix out of range indexing in name_size
    42440155fe27 spi: cadence-quadspi: Prevent lost complete() call during indirect read
    3762535fbbc0 scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
    0810c8e94d6b ASoC: fsl_sai: Add missing registers to cache default
    1d2a10913089 ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL
    8072299bf13f ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
    44ed8fae346f ALSA: usb-audio: Update for native DSD support quirks
    ba6f0d1832ee can: j1939: make j1939_session_activate() fail if device is no longer registered
    47206d70d1fb drm/amdkfd: Fix improper NULL termination of queue restore SMI event string
    1c06d85c3d51 spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ
    f609041424d5 drm/amd/display: Fix DP no audio issue
    9f6cf07687be ata: libata-core: Disable LPM on ST2000DM008-2FR102
    14fa3d1927f1 netfilter: nf_tables: avoid chain re-validation if possible
    feb28b6827ec powercap: fix sscanf() error return value handling
    3835d59f6999 powercap: fix race condition in register_control_type()
    7b60aed82db1 net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant
    fb9ef40cccdb bpf: Fix reference count leak in bpf_prog_test_run_xdp()
    6447e697cfa8 bpf, test_run: Subtract size of xdp_frame from allowed metadata size
    6611a73b2991 bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN
    0eb6e9d3b724 bpf: Make variables in bpf_prog_test_run_xdp less confusing
    202c5b915e22 bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K
    5c647749bce3 btrfs: fix beyond-EOF write handling
    afbb57899612 btrfs: use variable for end offset in extent_writepage_io()
    a915072e5ac3 btrfs: truncate ordered extent when skipping writeback past i_size
    7216d78ca34f btrfs: remove btrfs_fs_info::sectors_per_page
    ced5459df05a btrfs: add extra error messages for delalloc range related errors
    fb4fa3f9012b btrfs: subpage: dump the involved bitmap when ASSERT() failed
    9ed14c3b787b btrfs: fix error handling of submit_uncompressed_range()
    fcc04c92cbb5 ALSA: ac97: fix a double free in snd_ac97_controller_register()
    71138011dc01 ALSA: ac97bus: Use guard() for mutex locks
    7388ba6e5ccd erofs: fix file-backed mounts no longer working on EROFS partitions
    d47b03775d55 erofs: don't bother with s_stack_depth increasing for now
    dd6ccec088ad arp: do not assume dev_hard_header() does not change skb->head
    de77d2cd178a net: enetc: fix build warning when PAGE_SIZE is greater than 128K
    471dfb97599e net: usb: pegasus: fix memory leak in update_eth_regs_async()
    43497313d0da net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
    3d67e8c22685 HID: quirks: work around VID/PID conflict for appledisplay
    4969d6fa61af net: netdevsim: fix inconsistent carrier state after link/unlink
    d916df47a031 idpf: cap maximum Rx buffer size
    a4212d6732e3 idpf: fix memory leak in idpf_vport_rel()
    be3d31276199 idpf: keep the netdev when a reset fails
    3264881431e3 net: fix memory leak in skb_segment_list for GRO packets
    92ff65c660eb riscv: pgtable: Cleanup useless VA_USER_XXX definitions
    1eeaaeceafcf btrfs: only enforce free space tree if v1 cache is required for bs < ps cases
    6762937a8b45 vsock: Make accept()ed sockets use custom setsockopt()
    f1029391e604 bnxt_en: Fix potential data corruption with HW GRO/LRO
    57f1dd8fa966 net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
    9e0f54294fae net/mlx5e: Don't print error message due to invalid module
    b71d08b96864 netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
    005671c60fcf net: sock: fix hardened usercopy panic in sock_recv_errqueue
    50f65526b33d inet: ping: Fix icmp out counting
    03fb1708b7d1 net: mscc: ocelot: Fix crash when adding interface under a lag
    269c9283ff7f bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
    3950054c9512 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
    26a82dce2bee netfilter: nf_conncount: update last_gc only when GC has been performed
    e1a436981ac9 netfilter: nf_tables: fix memory leak in nf_tables_newrule()
    cdafa52ad39b gpio: pca953x: handle short interrupt pulses on PCAL devices
    d4f333a0155d gpio: pca953x: Add support for level-triggered interrupts
    dd42e23b6d9e netfilter: nft_synproxy: avoid possible data-race on update operation
    16b4508e8717 netfilter: nft_set_pipapo: fix range overlap detection
    b397bb9c34ac arm64: dts: mba8mx: Fix Ethernet PHY IRQ support
    97fdde3189b6 arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart
    35b38dd6a792 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM
    88d60cff3000 ARM: dts: imx6q-ba16: fix RTC interrupt level
    3e458210ee2c arm64: dts: add off-on-delay-us for usdhc2 regulator
    06b1dfa40090 crypto: qat - fix duplicate restarting msg during AER error
    8f6afb166402 arm64: dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings
    75e2bc2985f4 drm/amd/display: Apply e4479aecf658 to dml
    163df8d79a0d drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files
    582ba48e4a4c btrfs: fix NULL dereference on root when tracing inode eviction
    ec3695dd0acd btrfs: tracepoints: use btrfs_root_id() to get the id of a root
    53df7a4c3a56 btrfs: qgroup: update all parent qgroups when doing quick inherit
    b9b19fecad7d btrfs: fix qgroup_snapshot_quick_inherit() squota bug
    dedec6e6b421 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed"
    496ca70a15f4 scsi: ufs: core: Fix EH failure after W-LUN resume error
    f373695d62e0 scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
    261233f765d2 smb/client: fix NT_STATUS_NO_DATA_DETECTED value
    596d1b968660 smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value
    b1dd68601676 smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value
    e83af97d5c39 drm/amd/display: shrink struct members
    a8559efcd576 NFS: Fix up the automount fs_context to use the correct cred
    71029266093b ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again)
    e1df03e293a0 NFSv4: ensure the open stateid seqid doesn't go backwards
    6a1099604b0c dm-snapshot: fix 'scheduling while atomic' on real-time kernels
    f002df3a3305 alpha: don't reference obsolete termio struct for TC* constants
    1b645cd729ef ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
    7010683101b5 csky: fix csky_cmpxchg_fixup not working
    32dc49f49ea0 drm/xe: Ensure GT is in C0 during resumes
    e724d0261b7c drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally
    f09cd209359a tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
    6f468f6ff233 libceph: make calc_target() set t->paused, not just clear it
    e94075e950a6 libceph: reset sparse-read state in osd_fault()
    d2c4a5f69966 libceph: return the handler error from mon_handle_auth_done()
    c4c2152a858c libceph: make free_choose_arg_map() resilient to partial allocation
    6c6cec3db3b4 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
    2802ef3380fa libceph: prevent potential out-of-bounds reads in handle_auth_done()
    f94f95b81736 wifi: mac80211: restore non-chanctx injection behaviour
    024f71a57d56 wifi: avoid kernel-infoleak from struct iw_point
    fcb7500bfa24 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
    321e17ff3142 gpio: rockchip: mark the GPIO controller as sleeping
    7500ab83bad2 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
    bc96db7051cc drm/pl111: Fix error handling in pl111_amba_probe
    90b4b130a20d drm/amdgpu: Fix query for VPE block_type and ip_count
    49a66829dd36 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
    c61440f1e741 counter: 104-quad-8: Fix incorrect return value in IRQ handler
    196e8fd7424b lib/crypto: aes: Fix missing MMU protection for AES S-box
    97130283b83f mei: me: add nova lake point S DID
    0c2413c69129 btrfs: always detect conflicting inodes when logging inode refs
    8b402146e3a8 arm64: Fix cleared E0POE bit after cpu_suspend()/resume()
    2f05f7737e16 net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
    1320d94a4df1 atm: Fix dma_free_coherent() size
    3f5d7f3865c6 NFSD: Remove NFSERR_EAGAIN
    8c1cf63ed465 NFSD: net ref data still needs to be freed even if net hasn't startup
    d95499900fe5 nfsd: check that server is running in unlock_filesystem
    03c68f94fad1 nfsd: use correct loop termination in nfsd4_revoke_states()
    ba4811c8b433 nfsd: provide locking for v4_end_grace
    6b7ad17f4dd5 NFSD: Fix permission check for read access to executable-only files

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.12.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.12.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 254a4b9c9f..c463840c80 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "9f8581c660c7b402312572cbf9cbe03833ed20aa"
-SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
+SRCREV_machine ?= "e9cbfbc05015c935e7bc4991c443602122f4b819"
+SRCREV_meta ?= "46ae7e7d4ce1ee55091957bff63e0f54a761a93d"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.65"
+LINUX_VERSION ?= "6.12.66"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 6aa9dd7d56..f5610a2d41 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.65"
+LINUX_VERSION ?= "6.12.66"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
+SRCREV_machine ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_meta ?= "46ae7e7d4ce1ee55091957bff63e0f54a761a93d"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index 62f7e8a9bd..fbb4f31107 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "b9671eac4ed537384b52ae04e7e1c728b631fb13"
-SRCREV_machine:qemuarm64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemuloongarch64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemumips ?= "bb006b07c2a942338e7f52070f8026791f30c5f0"
-SRCREV_machine:qemuppc ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemuriscv64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemuriscv32 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemux86 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemux86-64 ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_machine:qemumips64 ?= "d9af48f273a9d87a61a46c93d7642d9e72947514"
-SRCREV_machine ?= "5b6cf700d8a16b91937d61bd3bf0248bb1771644"
-SRCREV_meta ?= "12efb3470e9a439d7806984d360a3712350076d0"
+SRCREV_machine:qemuarm ?= "6a83054dc7e21d30a030ef52b5ff4c2531c56bf2"
+SRCREV_machine:qemuarm64 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemuloongarch64 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemumips ?= "033446da85710e7854f8bbca5b4058d3d158d218"
+SRCREV_machine:qemuppc ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemuriscv64 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemuriscv32 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemux86 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemux86-64 ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_machine:qemumips64 ?= "57df96df5815eeedc9ab958e7464cf43c7494053"
+SRCREV_machine ?= "59d7360e98794225985c1da95ec614563320c61b"
+SRCREV_meta ?= "46ae7e7d4ce1ee55091957bff63e0f54a761a93d"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "39cb076c7dc7e44e3cab5c82ffda16a550ed8436"
+SRCREV_machine:class-devupstream ?= "f6044d1fd846ed1ae457975738267214b538a222"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.65"
+LINUX_VERSION ?= "6.12.66"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.43.0

[meta][PATCH 04/07] linux-yocto/6.12: update CVE exclusions (6.12.66)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 10 changes (5 new | 5 updated): - 5 new CVEs: CVE-2026-22278, CVE-2026-23761, CVE-2026-23762, CVE-2026-23763, CVE-2026-23764 - 5 updated CVEs: CVE-2021-47746, CVE-2021-47748, CVE-2025-64097, CVE-2025-69821, CVE-2026-1328
        Date: Thu, 22 Jan 2026 16:23:30 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc               | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 6ab3bd2bb3..52ab4eb807 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-16 00:43:33.551663+00:00 for kernel version 6.12.65
-# From linux_kernel_cves 2026-01-16_baseline-1-gc984786b0cf
+# Generated at 2026-01-22 16:37:18.329435+00:00 for kernel version 6.12.66
+# From linux_kernel_cves cve_2026-01-22_1600Z-1-g55b49f6e4ba
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.65"
+    this_version = "6.12.66"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -18466,7 +18466,7 @@ CVE_STATUS[CVE-2025-39820] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-39821] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-39822 needs backporting (fixed from 6.17)
+CVE_STATUS[CVE-2025-39822] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-39823] = "cpe-stable-backport: Backported in 6.12.45"
 
@@ -19112,7 +19112,7 @@ CVE_STATUS[CVE-2025-40145] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-40148] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-40149 needs backporting (fixed from 6.18)
+CVE_STATUS[CVE-2025-40149] = "cpe-stable-backport: Backported in 6.12.66"
 
 # CVE-2025-40150 needs backporting (fixed from 6.18)
 
@@ -19630,7 +19630,7 @@ CVE_STATUS[CVE-2025-68210] = "cpe-stable-backport: Backported in 6.12.59"
 
 CVE_STATUS[CVE-2025-68211] = "cpe-stable-backport: Backported in 6.12.59"
 
-CVE_STATUS[CVE-2025-68212] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-68212] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-68213] = "cpe-stable-backport: Backported in 6.12.60"
 
@@ -20074,7 +20074,7 @@ CVE_STATUS[CVE-2025-68790] = "fixed-version: only affects 6.18 onwards"
 
 CVE_STATUS[CVE-2025-68791] = "fixed-version: only affects 6.14 onwards"
 
-# CVE-2025-68792 needs backporting (fixed from 6.19rc1)
+CVE_STATUS[CVE-2025-68792] = "cpe-stable-backport: Backported in 6.12.66"
 
 CVE_STATUS[CVE-2025-68793] = "fixed-version: only affects 6.17 onwards"
 
@@ -20300,3 +20300,7 @@ CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.12.64"
 
 CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.12.65"
 
+CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.12.66"
+
+CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.12.66"
+
-- 
2.43.0

[meta][PATCH 05/07] linux-yocto/6.18: update to v6.18.6

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.18 to the latest korg -stable release that comprises
the following commits:

    b6fe42bc55af Linux 6.18.6
    69695f5331d4 spi: cadence-quadspi: Prevent lost complete() call during indirect read
    81531bdea972 scsi: sg: Fix occasional bogus elapsed time that exceeds timeout
    90f5dd44d9bf ASoC: fsl_sai: Add missing registers to cache default
    b3f89f6582e0 ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL
    65f6ae1fdf22 ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025
    003994f3b014 ALSA: usb-audio: Update for native DSD support quirks
    530ec35c211e block: validate pi_offset integrity limit
    79dd3f1d9dd3 can: j1939: make j1939_session_activate() fail if device is no longer registered
    9fd86747daa6 drm/amdkfd: Fix improper NULL termination of queue restore SMI event string
    6fcfcf792ce8 spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ
    6db8e186c977 drm/amd/display: Fix DP no audio issue
    6a2049b7391b accel/amdxdna: Block running under a hypervisor
    a70fd483c4b9 ata: libata-core: Disable LPM on ST2000DM008-2FR102
    09d6074995c1 netfilter: nf_tables: avoid chain re-validation if possible
    9e2fcfc32467 powercap: fix sscanf() error return value handling
    d33cc39e9f7e powercap: fix race condition in register_control_type()
    cbbf6c1fe62b net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant
    737be05a7657 bpf: Fix reference count leak in bpf_prog_test_run_xdp()
    31e37f44b606 bpf, test_run: Subtract size of xdp_frame from allowed metadata size
    7ea26e6dcabc gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths
    7882637ea5cc gpio: mpsse: add quirk support
    472d900c8bca gpio: mpsse: ensure worker is torn down
    4374a1cac13e btrfs: fix beyond-EOF write handling
    9cb1a586c78a btrfs: use variable for end offset in extent_writepage_io()
    3b7ca18f3509 btrfs: truncate ordered extent when skipping writeback past i_size
    ebdc99345399 erofs: fix file-backed mounts no longer working on EROFS partitions
    c65f0bafc98f erofs: don't bother with s_stack_depth increasing for now
    234409e0db77 irqchip/gic-v5: Fix gicv5_its_map_event() ITTE read endianness
    72e28774e964 ublk: fix use-after-free in ublk_partition_scan_work
    949647e7771a arp: do not assume dev_hard_header() does not change skb->head
    d93ba83fc3f5 net: enetc: fix build warning when PAGE_SIZE is greater than 128K
    ce6eef731aba net: usb: pegasus: fix memory leak in update_eth_regs_async()
    51ffd447bc37 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset
    1251bbdb8f5b wifi: mac80211_hwsim: fix typo in frequency notification
    72f93dc6d1a6 net: airoha: Fix schedule while atomic in airoha_ppe_deinit()
    9e17d06663f3 HID: quirks: work around VID/PID conflict for appledisplay
    fb08fec72131 sparc/PCI: Correct 64-bit non-pref -> pref BAR resources
    397691633112 trace: ftrace_dump_on_oops[] is not exported, make it static
    6c0d642e8c58 block: don't merge bios with different app_tags
    086e2928c1da net: netdevsim: fix inconsistent carrier state after link/unlink
    334bbbbf4c80 selftests: drv-net: Bring back tool() to driver __init__s
    67550a1130b6 net/sched: act_api: avoid dereferencing ERR_PTR in tcf_idrinfo_destroy
    06dc322dcb20 net: sfp: return the number of written bytes for smbus single byte access
    0c63d5683eae udp: call skb_orphan() before skb_attempt_defer_free()
    2d6cde9953f9 Revert "dsa: mv88e6xxx: make serdes SGMII/Fiber tx amplitude configurable"
    0ad6d6e50e9d idpf: fix aux device unplugging when rdma is not supported by vport
    258e7c55f939 idpf: cap maximum Rx buffer size
    bfeb4dfc8050 idpf: Fix error handling in idpf_vport_open()
    ab92fa4dd81b idpf: Fix RSS LUT NULL ptr issue after soft reset
    9abe73eff87d idpf: Fix RSS LUT configuration on down interfaces
    b29a5a7dd1f4 idpf: Fix RSS LUT NULL pointer crash on early ethtool operations
    fe33b4252e4b idpf: fix issue with ethtool -n command display
    1aedff70a5e9 idpf: fix memory leak of flow steer list on rmmod
    a514c374edcd idpf: fix error handling in the init_task on load
    23391db8a00c idpf: fix memory leak in idpf_vc_core_deinit()
    ec602a2a4071 idpf: fix memory leak in idpf_vport_rel()
    ac122f5fb050 idpf: detach and close netdevs while handling a reset
    a9f5b61591d3 idpf: convert vport state to bitmap
    14c4fea11536 idpf: keep the netdev when a reset fails
    309a4c2fa676 PCI/VGA: Don't assume the only VGA device on a system is `boot_vga`
    c114a32a2e70 net: fix memory leak in skb_segment_list for GRO packets
    177c71d2709f riscv: pgtable: Cleanup useless VA_USER_XXX definitions
    5bfaf4fa3dc2 riscv: cpufeature: Fix Zk bundled extension missing Zknh
    8a6b410e3d0f net: airoha: Fix npu rx DMA definitions
    6d1b61b8e1e4 btrfs: fix NULL pointer dereference in do_abort_log_replay()
    07effd536ddc btrfs: only enforce free space tree if v1 cache is required for bs < ps cases
    92a559085114 btrfs: release path before initializing extent tree in btrfs_read_locked_inode()
    0185dc4b5b0e vsock: Make accept()ed sockets use custom setsockopt()
    543f8537b470 drm/amd/pm: force send pcie parmater on navi1x
    a1c0a4ccbe6d drm/amd/pm: fix wrong pcie parameter on navi1x
    deee9dfb111a perf: Ensure swevent hrtimer is properly destroyed
    088ca99dbb03 inet: frags: drop fraglist conntrack references
    a5e2d902f64c virtio_net: fix device mismatch in devm_kzalloc/devm_kfree
    e3c738138975 bnxt_en: Fix potential data corruption with HW GRO/LRO
    8181c79757cc net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
    f2c4bcfa193e net/ena: fix missing lock when update devlink params
    b46675e1c593 net/mlx5e: Dealloc forgotten PSP RX modify header
    d35ab9fb5794 net/mlx5e: Don't print error message due to invalid module
    cba6cc0f4654 net/mlx5e: Don't gate FEC histograms on ppcnt_statistical_group
    658496325824 net/mlx5: Lag, multipath, give priority for routes with smaller network prefix
    8bdc624bf33d netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates
    e00b169eaac5 net: sock: fix hardened usercopy panic in sock_recv_errqueue
    fe71b71f0fe0 net: phy: mxl-86110: Add power management and soft reset support
    1511ba2d6846 inet: ping: Fix icmp out counting
    f490af47bbee net: mscc: ocelot: Fix crash when adding interface under a lag
    b53fca69f455 bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress
    326a4b7e61d0 net: marvell: prestera: fix NULL dereference on devlink_alloc() failure
    8bdafdf49000 netfilter: nf_conncount: update last_gc only when GC has been performed
    7f066cba650c netfilter: nf_tables: fix memory leak in nf_tables_newrule()
    58dac9b28a57 gpio: pca953x: handle short interrupt pulses on PCAL devices
    fb674c8f1a5d gpiolib: fix race condition for gdev->srcu
    aaa24eeb63ad gpiolib: rename GPIO chip printk macros
    97531f8e50d9 gpiolib: remove unnecessary 'out of memory' messages
    75bfb05067d6 netfilter: nft_synproxy: avoid possible data-race on update operation
    704c0258f0d7 netfilter: nft_set_pipapo: fix range overlap detection
    499c0db5862f arm64: dts: mba8mx: Fix Ethernet PHY IRQ support
    646d415f9860 arm64: dts: imx8qm-ss-dma: correct the dma channels of lpuart
    4977cac699a4 arm64: dts: imx8mp: Fix LAN8740Ai PHY reference clock on DH electronics i.MX8M Plus DHCOM
    5b5ef7049ebe arm64: dts: freescale: tx8p-ml81: fix eqos nvmem-cells
    f267ced2bcb0 arm64: dts: freescale: moduline-display: fix compatible
    2c3f04f1f70c ARM: dts: imx6q-ba16: fix RTC interrupt level
    88244021003b arm64: dts: add off-on-delay-us for usdhc2 regulator
    c200328fd57f arm64: dts: imx8qm-mek: correct the light sensor interrupt type to low level
    42b66f4557a2 crypto: qat - fix duplicate restarting msg during AER error
    7fd534abaa39 pinctrl: mediatek: mt8189: restore previous register base name array order
    5b5482c0e5ee netfs: Fix early read unlock of page with EOF in middle
    b95a6e3b0d5d HID: Intel-thc-hid: Intel-thc: Fix wrong register reading
    a5eeebb994bf HID: Intel-thc-hid: Intel-thc: fix dma_unmap_sg() nents value
    737f341080f4 gpio: it87: balance superio enter/exit calls in error path
    43c2e3670334 gpu: nova-core: select RUST_FW_LOADER_ABSTRACTIONS
    93900292af11 arm64: dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings
    c5ebc38066ce arm64: dts: ti: k3-am642-phyboard-electra-x27-gpio1-spi1-uart3: Fix schema warnings
    0d4087c74869 arm64: dts: ti: k3-am642-phyboard-electra-peb-c-010: Fix icssg-prueth schema warning
    f09b0f705bd7 of: unittest: Fix memory leak in unittest_data_add()
    c8385851a543 btrfs: fix use-after-free warning in btrfs_get_or_create_delayed_node()
    99e057f3d3ef btrfs: fix NULL dereference on root when tracing inode eviction
    1ee62906cbd9 btrfs: qgroup: update all parent qgroups when doing quick inherit
    7d59377ada9f btrfs: fix qgroup_snapshot_quick_inherit() squota bug
    5f0fd06d7571 scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed"
    f1e2d448ccc1 scsi: ufs: core: Fix EH failure after W-LUN resume error
    3a96f7f2677a scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset
    382028023669 scsi: mpi3mr: Prevent duplicate SAS/SATA device entries in channel 1
    aba03b371632 smb/client: fix NT_STATUS_NO_DATA_DETECTED value
    d4959a7900af smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value
    e2c146263966 smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value
    f1ae589310e1 drm/amd/display: shrink struct members
    93ee5471731b ALSA: hda/realtek: Add support for ASUS UM3406GA
    ab775cc784f6 NFS: Fix up the automount fs_context to use the correct cred
    8e73e0ee4530 ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again)
    d82f6d1d43b3 NFSv4: ensure the open stateid seqid doesn't go backwards
    6930c0229fb3 dm-snapshot: fix 'scheduling while atomic' on real-time kernels
    232948cf600f dm-verity: disable recursive forward error correction
    fea0f86e4613 alpha: don't reference obsolete termio struct for TC* constants
    9f53cfb9f4c2 ARM: 9461/1: Disable HIGHPTE on PREEMPT_RT kernels
    8ad9e930fb91 csky: fix csky_cmpxchg_fixup not working
    c88717b10792 ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback
    a1d420370a24 ublk: reorder tag_set initialization before queue allocation
    5647d42c47b5 libceph: make calc_target() set t->paused, not just clear it
    10b7c7281036 libceph: reset sparse-read state in osd_fault()
    9e0101e57534 libceph: return the handler error from mon_handle_auth_done()
    f21c3fdb9683 libceph: make free_choose_arg_map() resilient to partial allocation
    6348d70af847 libceph: replace overzealous BUG_ON in osdmap_apply_incremental()
    2d653bb63d59 libceph: prevent potential out-of-bounds reads in handle_auth_done()
    b97be67dc06e wifi: mac80211: restore non-chanctx injection behaviour
    e3c35177103e wifi: avoid kernel-infoleak from struct iw_point
    5c12a13522f4 Revert "drm/mediatek: dsi: Fix DSI host and panel bridge pre-enable order"
    b7a883b0135d PM: hibernate: Fix crash when freeing invalid crypto compressor
    ea7a54393d50 pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
    391adca8e213 PCI: meson: Report that link is up while in ASPM L0s and L1 states
    2b9c15286a17 io_uring/io-wq: fix incorrect io_wq_for_each_worker() termination logic
    3aa67687d558 gpio: rockchip: mark the GPIO controller as sleeping
    b88191562d92 drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[]
    227997d16a53 drm/tidss: Fix enable/disable order
    124b9d19e1d5 drm/pl111: Fix error handling in pl111_amba_probe
    8a8bf7ed8230 drm/atomic-helper: Export and namespace some functions
    1f50931f79dc drm/amdgpu: Fix query for VPE block_type and ip_count
    b023b3f236e8 drm/amd/display: Apply e4479aecf658 to dml
    1d8b1ac985c9 arm64: dts: imx95: correct I3C2 pclk to IMX95_CLK_BUSWAKEUP
    00d880c469b7 ALSA: hda/tas2781: properly initialize speaker_id for TAS2563
    cb73d37ac18b ALSA: ac97: fix a double free in snd_ac97_controller_register()
    c12df0f5ca41 Revert "drm/atomic-helper: Re-order bridge chain pre-enable and post-disable"
    0ce45b2426f9 nouveau: don't attempt fwsec on sb on newer platforms.
    64a0d47e0c32 riscv: boot: Always make Image from vmlinux, not vmlinux.unstripped
    5b7f91acffd2 tracing: Add recursion protection in kernel stack trace recording
    425886b1f830 counter: interrupt-cnt: Drop IRQF_NO_THREAD flag
    844f521604bd counter: 104-quad-8: Fix incorrect return value in IRQ handler
    a0b28dd06a9a lib/crypto: aes: Fix missing MMU protection for AES S-box
    30a98c97f787 rust_binder: remove spin_lock() in rust_shrink_free_page()
    86e49948b0e6 mei: me: add nova lake point S DID
    d52af58dd463 btrfs: always detect conflicting inodes when logging inode refs
    0174d5466cae bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup
    e86c4ee5a029 arm64: Fix cleared E0POE bit after cpu_suspend()/resume()
    ffa2be496ef6 net: do not write to msg_get_inq in callee
    d82796a57cc0 net: 3com: 3c59x: fix possible null dereference in vortex_probe1()
    4ae815bfcfad atm: Fix dma_free_coherent() size
    0f7fb819d63f NFSD: Remove NFSERR_EAGAIN
    db78fa4b9f1f NFSD: net ref data still needs to be freed even if net hasn't startup
    e06c9f6c0f55 nfsd: check that server is running in unlock_filesystem
    099a880ef541 nfsd: use correct loop termination in nfsd4_revoke_states()
    53f07d095e7e nfsd: provide locking for v4_end_grace
    a339b0168251 NFSD: Fix permission check for read access to executable-only files

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.18.bb              |  6 ++---
 .../linux/linux-yocto-tiny_6.18.bb            |  6 ++---
 meta/recipes-kernel/linux/linux-yocto_6.18.bb | 24 +++++++++----------
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
index 76eb891a04..2a10815684 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.18.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "878f4a23dbbd21b2eaa97cd82be39db3131f26e3"
-SRCREV_meta ?= "d8bded29848649b362d0376692bd86a5f6ebc7e0"
+SRCREV_machine ?= "2ec883ec1af76529a27558fde434a5ae64dee7ab"
+SRCREV_meta ?= "1fbfcbd8a3ce8df814f51ef8710fc0197ff01986"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.18;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.18.5"
+LINUX_VERSION ?= "6.18.6"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
index 6904ce5f56..ce564d842c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.18.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.18.inc
 
-LINUX_VERSION ?= "6.18.5"
+LINUX_VERSION ?= "6.18.6"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_meta ?= "d8bded29848649b362d0376692bd86a5f6ebc7e0"
+SRCREV_machine ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_meta ?= "1fbfcbd8a3ce8df814f51ef8710fc0197ff01986"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.18.bb b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
index 599a3d13b8..daa0cb51d1 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.18.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.18.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.18/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.18/standard/base"
 KBRANCH:qemumips64 ?= "v6.18/standard/mti-malta"
 
-SRCREV_machine:qemuarm ?= "9e147c72113ebc9bc50a4709953834da3c7f76dc"
-SRCREV_machine:qemuarm64 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_machine:qemuloongarch64 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
+SRCREV_machine:qemuarm ?= "ee78c602479902ccc042f3b2c6467a6a1b2010e1"
+SRCREV_machine:qemuarm64 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_machine:qemuloongarch64 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
 SRCREV_machine:qemumips ?= "62ea92a539f58803a222be98b81118403074206e"
-SRCREV_machine:qemuppc ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_machine:qemuriscv64 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_machine:qemuriscv32 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_machine:qemux86 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_machine:qemux86-64 ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
+SRCREV_machine:qemuppc ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_machine:qemuriscv64 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_machine:qemuriscv32 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_machine:qemux86 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_machine:qemux86-64 ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
 SRCREV_machine:qemumips64 ?= "9fb4ff0187c85426f21fd40d4c61b742800f65c4"
-SRCREV_machine ?= "0d1b47da567fe4d6ff80c562b706e7a9232d3553"
-SRCREV_meta ?= "d8bded29848649b362d0376692bd86a5f6ebc7e0"
+SRCREV_machine ?= "3e243d2a1151b1ccb42f80f81c6d77f0af327a3d"
+SRCREV_meta ?= "1fbfcbd8a3ce8df814f51ef8710fc0197ff01986"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "dc554c8fb361f13580da3f5a98ad8b494a788666"
+SRCREV_machine:class-devupstream ?= "b6fe42bc55af3fb17c8c03def2f8a1f7fa907af6"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.18/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.18;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.18.5"
+LINUX_VERSION ?= "6.18.6"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.43.0

[meta][PATCH 06/07] linux-yocto/6.18: update CVE exclusions (6.18.6)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 14 changes (0 new | 14 updated): - 0 new CVEs: - 14 updated CVEs: CVE-2024-23147, CVE-2024-23148, CVE-2024-23156, CVE-2024-23157, CVE-2024-37000, CVE-2024-37006, CVE-2025-13335, CVE-2025-63896, CVE-2025-9452, CVE-2025-9456, CVE-2025-9457, CVE-2025-9458, CVE-2026-1225, CVE-2026-1332
        Date: Thu, 22 Jan 2026 14:20:53 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.18.inc              | 286 +++++++++++++++++-
 1 file changed, 283 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 708c5a8506..38f260d231 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-01-12 16:52:57.037978+00:00 for kernel version 6.18.5
-# From linux_kernel_cves cve_2026-01-12_1600Z-2-g6b70380b71e
+# Generated at 2026-01-22 14:32:14.186712+00:00 for kernel version 6.18.6
+# From linux_kernel_cves cve_2026-01-22_1400Z
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.5"
+    this_version = "6.18.6"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -20024,3 +20024,283 @@ CVE_STATUS[CVE-2025-68765] = "cpe-stable-backport: Backported in 6.18.2"
 
 CVE_STATUS[CVE-2025-68766] = "cpe-stable-backport: Backported in 6.18.2"
 
+CVE_STATUS[CVE-2025-68767] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68768] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68769] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68770] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68771] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68772] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68773] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68774] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68775] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68776] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68777] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68778] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68779] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68780] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68781] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68782] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68783] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68784] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68785] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68786] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68787] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68788] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68789] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68790] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68791] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68792] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68793] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68794] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68795] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68796] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68797] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68798] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68799] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68800] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68801] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68802] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68803] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68804] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68805] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68806] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68807] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68808] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68809] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68810] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68811] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68812] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68813] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68814] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68815] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68816] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68817] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68818] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68819] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68820] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68821] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68822] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-68823] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71064] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71065] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71066] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71067] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71068] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71069] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71070] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71071] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71072] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71073] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71074] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71075] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71076] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71077] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71078] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71079] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71080] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71081] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71082] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71083] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71084] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71085] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71086] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71087] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71088] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71089] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71090] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71091] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71092] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71093] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71094] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71095] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71096] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71097] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71098] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71099] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71100] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71101] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71102] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71103] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71104] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71105] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71106] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71107] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71108] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71109] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71110] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71111] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71112] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71113] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71114] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71115] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71116] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71117] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71118] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71119] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71120] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71121] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71122] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71123] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71124] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71125] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71126] = "cpe-stable-backport: Backported in 6.18.3"
+
+CVE_STATUS[CVE-2025-71127] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71128] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71129] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71130] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71131] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71132] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71133] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71134] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71135] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71136] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71137] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71138] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71139] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71140] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71141] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71142] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71143] = "cpe-stable-backport: Backported in 6.18.4"
+
+CVE_STATUS[CVE-2025-71144] = "cpe-stable-backport: Backported in 6.18.5"
+
+CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.18.6"
+
+CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.18.6"
+
-- 
2.43.0

[meta][PATCH 07/07] linux-yocto-dev: update to 6.19

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Bumping the -dev kernel to 6.19. Boot and tests have been run
on all major architectures.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index fb4e0864d2..2ca7777a5e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -14,7 +14,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # provide this .inc to set specific revisions
 include recipes-kernel/linux/linux-yocto-dev-revisions.inc
 
-KBRANCH = "v6.18/standard/base"
+KBRANCH = "v6.19/standard/base"
 KMETA = "kernel-meta"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name=machine;protocol=https \
@@ -28,7 +28,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name
 SRCREV_machine ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 SRCREV_meta ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 
-LINUX_VERSION ?= "6.18"
+LINUX_VERSION ?= "6.19"
 LINUX_VERSION_EXTENSION ?= "-yoctodev-${LINUX_KERNEL_TYPE}"
 PV = "${LINUX_VERSION}+git"
 
-- 
2.43.0