[PATCH 11/14] linux-yocto/6.12: update CVE exclusions (6.12.55)

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [PATCH 11/14] linux-yocto/6.12: update CVE exclusions (6.12.55)
Date: Thu, 30 Oct 2025 13:12:24 -0400	[thread overview]
Message-ID: <2661f4c65898fb034a8176b24fc08573dfd55af1.1761844161.git.bruce.ashfield@gmail.com> (raw)
In-Reply-To: <cover.1761844161.git.bruce.ashfield@gmail.com>

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2025-10939 - 0 updated CVEs:
        Date: Tue, 28 Oct 2025 03:16:46 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 190 +++++++++++++++++-
 1 file changed, 185 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 48a7d59689..1e596c11b7 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-16 13:21:03.993902+00:00 for kernel version 6.12.53
-# From linux_kernel_cves cve_2025-10-16_1200Z-2-g676292fb5cd
+# Generated at 2025-10-28 03:21:45.408892+00:00 for kernel version 6.12.55
+# From linux_kernel_cves cve_2025-10-28_0200Z-1-g573c9628fcf
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.53"
+    this_version = "6.12.55"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5274,6 +5274,60 @@ CVE_STATUS[CVE-2022-50554] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50555] = "fixed-version: Fixed from version 6.1"
 
+CVE_STATUS[CVE-2022-50556] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50557] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50558] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50559] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50560] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50561] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50562] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50563] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50564] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50565] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50566] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50567] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50568] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50569] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50570] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50571] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50572] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50573] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50574] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50575] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50576] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50577] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50578] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50579] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50580] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50581] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50582] = "fixed-version: Fixed from version 6.1"
+
 CVE_STATUS[CVE-2023-32246] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-32249] = "fixed-version: Fixed from version 6.4"
@@ -7540,6 +7594,88 @@ CVE_STATUS[CVE-2023-53686] = "fixed-version: Fixed from version 6.6"
 
 CVE_STATUS[CVE-2023-53687] = "fixed-version: Fixed from version 6.5"
 
+CVE_STATUS[CVE-2023-53692] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53693] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53694] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53695] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53696] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53697] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53698] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53699] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53700] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53702] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53703] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53704] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53705] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53706] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53707] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53708] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53709] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53710] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53711] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53712] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53713] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53714] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53715] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53716] = "fixed-version: Fixed from version 6.3.5"
+
+CVE_STATUS[CVE-2023-53717] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53718] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53719] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53720] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53721] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53722] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53723] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53724] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53725] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53726] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53727] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53728] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53729] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53730] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53731] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53732] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53733] = "fixed-version: Fixed from version 6.5"
+
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -17138,8 +17274,6 @@ CVE_STATUS[CVE-2025-39896] = "cpe-stable-backport: Backported in 6.12.46"
 
 CVE_STATUS[CVE-2025-39897] = "cpe-stable-backport: Backported in 6.12.46"
 
-CVE_STATUS[CVE-2025-39898] = "cpe-stable-backport: Backported in 6.12.46"
-
 CVE_STATUS[CVE-2025-39899] = "cpe-stable-backport: Backported in 6.12.46"
 
 CVE_STATUS[CVE-2025-39900] = "cpe-stable-backport: Backported in 6.12.46"
@@ -17344,8 +17478,54 @@ CVE_STATUS[CVE-2025-39999] = "fixed-version: only affects 6.16 onwards"
 
 CVE_STATUS[CVE-2025-40000] = "cpe-stable-backport: Backported in 6.12.52"
 
+CVE_STATUS[CVE-2025-40001] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40002] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-40003] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40004] = "cpe-stable-backport: Backported in 6.12.53"
+
+# CVE-2025-40005 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-40006] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40007] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40008] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40009] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40010] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40011] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40012] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40013] = "cpe-stable-backport: Backported in 6.12.51"
+
 # CVE-2025-40014 needs backporting (fixed from 6.15)
 
+CVE_STATUS[CVE-2025-40015] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-40016] = "cpe-stable-backport: Backported in 6.12.51"
+
+CVE_STATUS[CVE-2025-40017] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-40018] = "cpe-stable-backport: Backported in 6.12.53"
+
+CVE_STATUS[CVE-2025-40019] = "cpe-stable-backport: Backported in 6.12.54"
+
+CVE_STATUS[CVE-2025-40020] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40021] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40022] = "cpe-stable-backport: Backported in 6.12.50"
+
+CVE_STATUS[CVE-2025-40023] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-40024] = "cpe-stable-backport: Backported in 6.12.50"
+
 CVE_STATUS[CVE-2025-40114] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
-- 
2.39.2

next prev parent reply	other threads:[~2025-10-30 17:12 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-10-30 17:12 [PATCH 00/14] kernel-yocto: consolidated pull request bruce.ashfield
2025-10-30 17:12 ` [PATCH 01/14] linux-yocto: introduce 6.17 reference kernels bruce.ashfield
2025-10-30 17:12 ` [PATCH 02/14] linux-yocto/6.17: update CVE exclusions (6.17.5) bruce.ashfield
2025-10-30 17:12 ` [PATCH 03/14] linux-yocto/6.17: fix qemuarm config audit warning bruce.ashfield
2025-10-30 17:12 ` [PATCH 04/14] linux-yocto/6.17: unify qemumips (malta) branches bruce.ashfield
2025-10-30 17:12 ` [PATCH 05/14] linux-yocto/6.17: fix rdinit boot warning bruce.ashfield
2025-10-30 17:12 ` [PATCH 06/14] linux-yocto/6.17: update to v6.17.6 bruce.ashfield
2025-10-30 17:12 ` [PATCH 07/14] linux-yocto/6.17: update CVE exclusions (6.17.6) bruce.ashfield
2025-10-30 17:12 ` [PATCH 08/14] linux-yocto/6.12: update to v6.12.53 bruce.ashfield
2025-10-30 17:12 ` [PATCH 09/14] linux-yocto/6.12: update CVE exclusions (6.12.53) bruce.ashfield
2025-10-30 17:12 ` [PATCH 10/14] linux-yocto/6.12: update to v6.12.55 bruce.ashfield
2025-10-30 17:12 ` bruce.ashfield [this message]
2025-10-30 17:12 ` [PATCH 12/14] poky: make linux-yocto 6.17 the preferred version bruce.ashfield
2025-10-31  7:34   ` [OE-core] " Mikko Rapeli
2025-10-31 12:44     ` Bruce Ashfield
2025-10-30 17:12 ` [PATCH 13/14] yocto-bsp/6.16: specify genericarm64 SRCREV bruce.ashfield
2025-10-31  7:38   ` [OE-core] " Mikko Rapeli
2025-10-30 17:12 ` [PATCH 14/14] yocto-bsp/6.17: introduce kernel bbappend bruce.ashfield
2025-10-31 16:41 ` [OE-core] [PATCH 00/14] kernel-yocto: consolidated pull request Joao Marcos Costa
2025-10-31 16:46   ` Bruce Ashfield

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:48a7d5968 dfblob:1e596c11b )
 OR (
bs:"[PATCH 11/14] linux-yocto/6.12: update CVE exclusions (6.12.55)" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2661f4c65898fb034a8176b24fc08573dfd55af1.1761844161.git.bruce.ashfield@gmail.com \
    --to=bruce.ashfield@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=richard.purdie@linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox