public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed
From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [meta][PATCH 02/15] linux-yocto/6.18: update CVE exclusions (6.18.20)
Date: Thu, 23 Apr 2026 11:32:09 -0400	[thread overview]
Message-ID: <20260423153222.1932256-3-bruce.ashfield@gmail.com> (raw)
In-Reply-To: <20260423153222.1932256-1-bruce.ashfield@gmail.com>

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 13 changes (7 new | 6 updated): - 7 new CVEs: CVE-2026-31943, CVE-2026-31945, CVE-2026-31950, CVE-2026-31951, CVE-2026-32241, CVE-2026-34389, CVE-2026-34391 - 6 updated CVEs: CVE-2026-26060, CVE-2026-33284, CVE-2026-34374, CVE-2026-34387, CVE-2026-4966, CVE-2026-4972
        Date: Fri, 27 Mar 2026 19:35:44 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.18.inc              | 252 +++++++++++++++++-
 1 file changed, 245 insertions(+), 7 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 73b93ff135..8f458e9d10 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-03-23 02:14:01.393507+00:00 for kernel version 6.18.19
-# From linux_kernel_cves cve_2026-03-23_0100Z
+# Generated at 2026-03-27 19:44:12.925073+00:00 for kernel version 6.18.20
+# From linux_kernel_cves cve_2026-03-27_1900Z-1-g663ca5d2278
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.19"
+    this_version = "6.18.20"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -2770,8 +2770,6 @@ CVE_STATUS[CVE-2022-49265] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49266] = "fixed-version: Fixed from version 5.18"
 
-CVE_STATUS[CVE-2022-49267] = "fixed-version: Fixed from version 5.18"
-
 CVE_STATUS[CVE-2022-49268] = "fixed-version: Fixed from version 5.18"
 
 CVE_STATUS[CVE-2022-49269] = "fixed-version: Fixed from version 5.18"
@@ -9916,8 +9914,6 @@ CVE_STATUS[CVE-2024-27040] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-27041] = "fixed-version: Fixed from version 6.9"
 
-CVE_STATUS[CVE-2024-27042] = "fixed-version: Fixed from version 6.9"
-
 CVE_STATUS[CVE-2024-27043] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-27044] = "fixed-version: Fixed from version 6.9"
@@ -21040,3 +21036,245 @@ CVE_STATUS[CVE-2026-23277] = "cpe-stable-backport: Backported in 6.18.19"
 
 CVE_STATUS[CVE-2026-23278] = "cpe-stable-backport: Backported in 6.18.19"
 
+CVE_STATUS[CVE-2026-23279] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23280] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23281] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23282] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23283] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23284] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23285] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23290] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23291] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23292] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23293] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23294] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23295] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23296] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23297] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23298] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23299] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23300] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23301] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23302] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23303] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23304] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23305] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23306] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23307] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23308] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23309] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23310] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23311] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23312] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23313] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23314] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23315] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23316] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23317] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23320] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23322] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23323] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23324] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23326] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23327 needs backporting (fixed from 7.0rc2)
+
+# CVE-2026-23328 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23329] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23330] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23333 has no known resolution
+
+CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23336] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23337] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23338] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23342] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23343] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23344] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23345] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23346] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23347] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23348] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23349] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23350] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23351] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23352] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23353] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23354] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23355] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23356] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23357] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23358] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23359] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23360] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23361] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23362] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23363] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23364] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-23365] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23366] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23367] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23368] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23369] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23371 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23373] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23374 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23375] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23376] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23377 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23379] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23380] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23381] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23382] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23383] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23384] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23385] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23386] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.18.17"
+
+# CVE-2026-23389 needs backporting (fixed from 7.0rc3)
+
+CVE_STATUS[CVE-2026-23390] = "cpe-stable-backport: Backported in 6.18.13"
+
+CVE_STATUS[CVE-2026-23391] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23393] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23394 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23396] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-31788 has no known resolution
+
-- 
2.43.0



  parent reply	other threads:[~2026-04-23 15:32 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-23 15:32 [PATCH 0/15] linux-yocto: -stable updates bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 01/15] linux-yocto/6.18: update to v6.18.20 bruce.ashfield
2026-04-23 15:32 ` bruce.ashfield [this message]
2026-04-23 15:32 ` [meta][PATCH 03/15] linux-yocto/6.18: update to v6.18.21 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 04/15] linux-yocto/6.18: update CVE exclusions (6.18.21) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 05/15] linux-yocto/6.18: update to v6.18.22 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta][PATCH 06/15] linux-yocto/6.18: update CVE exclusions (6.18.22) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 07/15] linux-yocto/6.18: update to v6.18.23 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 08/15] linux-yocto/6.18: update CVE exclusions (6.18.23) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 09/15] linux-yocto/6.18: update to v6.18.24 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 10/15] linux-yocto/6.18: update CVE exclusions (6.18.24) bruce.ashfield
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 11/15] yocto-bsps: update to v6.18.20 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 12/15] yocto-bsps: update to v6.18.21 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 13/15] yocto-bsps: update to v6.18.22 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 14/15] yocto-bsps: update to v6.18.23 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 15/15] yocto-bsps: update to v6.18.24 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260423153222.1932256-3-bruce.ashfield@gmail.com \
    --to=bruce.ashfield@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=richard.purdie@linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox