[meta][PATCH 04/15] linux-yocto/6.18: update CVE exclusions (6.18.21)

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [meta][PATCH 04/15] linux-yocto/6.18: update CVE exclusions (6.18.21)
Date: Thu, 23 Apr 2026 11:32:11 -0400	[thread overview]
Message-ID: <20260423153222.1932256-5-bruce.ashfield@gmail.com> (raw)
In-Reply-To: <20260423153222.1932256-1-bruce.ashfield@gmail.com>

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 35 changes (5 new | 30 updated): - 5 new CVEs: CVE-2025-57847, CVE-2025-57851, CVE-2025-57853, CVE-2025-57854, CVE-2025-58713 - 30 updated CVEs: CVE-2023-52356, CVE-2024-8299, CVE-2024-9852, CVE-2025-14104, CVE-2025-14821, CVE-2025-14831, CVE-2026-1757, CVE-2026-26157, CVE-2026-26158, CVE-2026-27787, CVE-2026-28261, CVE-2026-2625, CVE-2026-35393, CVE-2026-35398, CVE-2026-35409, CVE-2026-35413, CVE-2026-35444, CVE-2026-35452, CVE-2026-35473, CVE-2026-39698, CVE-2026-39700, CVE-2026-39702, CVE-2026-39935, CVE-2026-3142, CVE-2026-3781, CVE-2026-4483, CVE-2026-5302, CVE-2026-5506, CVE-2026-5688, CVE-2026-5705
        Date: Wed, 8 Apr 2026 14:13:08 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.18.inc              | 216 +++++++++++++++++-
 1 file changed, 206 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
index 8f458e9d10..03f89ed9eb 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.18.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2026-03-27 19:44:12.925073+00:00 for kernel version 6.18.20
-# From linux_kernel_cves cve_2026-03-27_1900Z-1-g663ca5d2278
+# Generated at 2026-04-08 14:33:17.297345+00:00 for kernel version 6.18.21
+# From linux_kernel_cves cve_2026-04-08_1300Z-1-g105fda2ec51
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.18.20"
+    this_version = "6.18.21"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -19248,7 +19248,7 @@ CVE_STATUS[CVE-2025-40217] = "fixed-version: Fixed from version 6.18"
 
 CVE_STATUS[CVE-2025-40218] = "fixed-version: Fixed from version 6.18"
 
-CVE_STATUS[CVE-2025-40219] = "fixed-version: Fixed from version 6.18"
+CVE_STATUS[CVE-2025-40219] = "cpe-stable-backport: Backported in 6.18.16"
 
 CVE_STATUS[CVE-2025-40220] = "fixed-version: Fixed from version 6.18"
 
@@ -20108,8 +20108,6 @@ CVE_STATUS[CVE-2025-68810] = "cpe-stable-backport: Backported in 6.18.3"
 
 CVE_STATUS[CVE-2025-68811] = "cpe-stable-backport: Backported in 6.18.3"
 
-CVE_STATUS[CVE-2025-68812] = "cpe-stable-backport: Backported in 6.18.3"
-
 CVE_STATUS[CVE-2025-68813] = "cpe-stable-backport: Backported in 6.18.3"
 
 CVE_STATUS[CVE-2025-68814] = "cpe-stable-backport: Backported in 6.18.3"
@@ -21118,8 +21116,6 @@ CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.18.17"
 
-CVE_STATUS[CVE-2026-23320] = "cpe-stable-backport: Backported in 6.18.17"
-
 CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23322] = "cpe-stable-backport: Backported in 6.18.17"
@@ -21144,7 +21140,7 @@ CVE_STATUS[CVE-2026-23331] = "cpe-stable-backport: Backported in 6.18.17"
 
 CVE_STATUS[CVE-2026-23332] = "cpe-stable-backport: Backported in 6.18.17"
 
-# CVE-2026-23333 has no known resolution
+# CVE-2026-23333 needs backporting (fixed from 7.0rc1)
 
 CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.18.17"
 
@@ -21276,5 +21272,205 @@ CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.18.20"
 
 CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.18.20"
 
-# CVE-2026-31788 has no known resolution
+CVE_STATUS[CVE-2026-23399] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23400] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-23401] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23402] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23403] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23404] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23405] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23406] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23407] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23408] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23409] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23410] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23411] = "cpe-stable-backport: Backported in 6.18.18"
+
+CVE_STATUS[CVE-2026-23412] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23413] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23414] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23415] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23416] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23417] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-23418] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23419] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23420] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23421] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23422] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23423] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23424] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23425] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23426] = "cpe-stable-backport: Backported in 6.18.17"
+
+CVE_STATUS[CVE-2026-23427] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23428] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23429] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23430] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23431] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23432] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23433] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23434] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23435] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23436] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23437] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23438] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23439] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23442 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23444] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23445] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23446] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23447] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23448] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23449] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23450] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23451] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23452] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23453] = "fixed-version: only affects 6.19 onwards"
+
+CVE_STATUS[CVE-2026-23454] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23455] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23456] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.18.20"
+
+# CVE-2026-23459 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23461] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23462] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23463] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23464] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23465] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23466] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23467] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23468] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23469] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23470] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23471] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23472] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23473] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23474] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-23475] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31389] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31390] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31391] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31392] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31393] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31394] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31395] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31396] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31397] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31398] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31399] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31400] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31401] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31402] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31403] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31404] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.18.19"
+
+CVE_STATUS[CVE-2026-31406] = "cpe-stable-backport: Backported in 6.18.21"
+
+# CVE-2026-31407 needs backporting (fixed from 7.0rc5)
+
+CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.18.21"
+
+CVE_STATUS[CVE-2026-31409] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31410] = "cpe-stable-backport: Backported in 6.18.20"
+
+CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.18.14"
+
+CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.18.20"
 
-- 
2.43.0

next prev parent reply	other threads:[~2026-04-23 15:32 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-23 15:32 [PATCH 0/15] linux-yocto: -stable updates bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 01/15] linux-yocto/6.18: update to v6.18.20 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 02/15] linux-yocto/6.18: update CVE exclusions (6.18.20) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 03/15] linux-yocto/6.18: update to v6.18.21 bruce.ashfield
2026-04-23 15:32 ` bruce.ashfield [this message]
2026-04-23 15:32 ` [meta][PATCH 05/15] linux-yocto/6.18: update to v6.18.22 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta][PATCH 06/15] linux-yocto/6.18: update CVE exclusions (6.18.22) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 07/15] linux-yocto/6.18: update to v6.18.23 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 08/15] linux-yocto/6.18: update CVE exclusions (6.18.23) bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 09/15] linux-yocto/6.18: update to v6.18.24 bruce.ashfield
2026-04-23 15:32 ` [meta][PATCH 10/15] linux-yocto/6.18: update CVE exclusions (6.18.24) bruce.ashfield
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 11/15] yocto-bsps: update to v6.18.20 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 12/15] yocto-bsps: update to v6.18.21 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 13/15] yocto-bsps: update to v6.18.22 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 14/15] yocto-bsps: update to v6.18.23 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest
2026-04-23 15:32 ` [meta-yocto-bsp][PATCH 15/15] yocto-bsps: update to v6.18.24 bruce.ashfield
2026-04-23 15:46   ` Patchtest results for " patchtest

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8f458e9d1 dfblob:03f89ed9e )
 OR (
bs:"[meta][PATCH 04/15] linux-yocto/6.18: update CVE exclusions (6.18.21)" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260423153222.1932256-5-bruce.ashfield@gmail.com \
    --to=bruce.ashfield@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=richard.purdie@linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox