From: bruce.ashfield@gmail.com
To: richard.purdie@linuxfoundation.org
Cc: openembedded-core@lists.openembedded.org
Subject: [PATCH 07/14] linux-yocto/6.17: update CVE exclusions (6.17.6)
Date: Thu, 30 Oct 2025 13:12:20 -0400 [thread overview]
Message-ID: <606ec2a80159804f97df8cb502e0fba46f48740c.1761844161.git.bruce.ashfield@gmail.com> (raw)
In-Reply-To: <cover.1761844161.git.bruce.ashfield@gmail.com>
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Data pulled from: https://github.com/CVEProject/cvelistV5
1/1 [
Author: cvelistV5 Github Action
Email: github_action@example.com
Subject: 6 changes (4 new | 2 updated): - 4 new CVEs: CVE-2025-60319, CVE-2025-61120, CVE-2025-61121, CVE-2025-62726 - 2 updated CVEs: CVE-2023-41265, CVE-2025-12517
Date: Thu, 30 Oct 2025 16:36:48 +0000
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
.../linux/cve-exclusion_6.17.inc | 172 +++++++++++++++++-
1 file changed, 167 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.17.inc b/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
index d8bd69e363..126afb8ede 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.17.inc
@@ -1,11 +1,11 @@
# Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-24 17:33:21.643193+00:00 for kernel version 6.17.5
-# From linux_kernel_cves cve_2025-10-24_1700Z-1-g54a7791aaf0
+# Generated at 2025-10-30 16:47:14.266821+00:00 for kernel version 6.17.6
+# From linux_kernel_cves cve_2025-10-30_1600Z-2-g07cefa3115c
python check_kernel_cve_status_version() {
- this_version = "6.17.5"
+ this_version = "6.17.6"
kernel_version = d.getVar("LINUX_VERSION")
if kernel_version != this_version:
bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -6806,8 +6806,6 @@ CVE_STATUS[CVE-2023-53291] = "fixed-version: Fixed from version 6.5"
CVE_STATUS[CVE-2023-53292] = "fixed-version: Fixed from version 6.5"
-CVE_STATUS[CVE-2023-53293] = "fixed-version: Fixed from version 6.4"
-
CVE_STATUS[CVE-2023-53294] = "fixed-version: Fixed from version 6.4"
CVE_STATUS[CVE-2023-53295] = "fixed-version: Fixed from version 6.3"
@@ -7676,6 +7674,8 @@ CVE_STATUS[CVE-2023-53732] = "fixed-version: Fixed from version 6.4"
CVE_STATUS[CVE-2023-53733] = "fixed-version: Fixed from version 6.5"
+CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3"
+
CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -17526,6 +17526,168 @@ CVE_STATUS[CVE-2025-40023] = "fixed-version: Fixed from version 6.17"
CVE_STATUS[CVE-2025-40024] = "fixed-version: Fixed from version 6.17"
+CVE_STATUS[CVE-2025-40025] = "cpe-stable-backport: Backported in 6.17.2"
+
+CVE_STATUS[CVE-2025-40026] = "cpe-stable-backport: Backported in 6.17.2"
+
+CVE_STATUS[CVE-2025-40027] = "cpe-stable-backport: Backported in 6.17.2"
+
+CVE_STATUS[CVE-2025-40028] = "cpe-stable-backport: Backported in 6.17.2"
+
+CVE_STATUS[CVE-2025-40029] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40030] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40031] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40032] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40033] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40034] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40035] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40036] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40037] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40038] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40039] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40040] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40041] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40042] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40043] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40044] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40045] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40046] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40047] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40048] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40049] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40050] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40051] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40052] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40053] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40054] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40055] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40056] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40057] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40058] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40059] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40060] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40061] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40062] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40063] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40064] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40065] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40066] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40067] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40068] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40069] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40070] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40071] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40072] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40073] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40074] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40075] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40076] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40077] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40078] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40079] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40080] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40081] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40082] = "cpe-stable-backport: Backported in 6.17.3"
+
+CVE_STATUS[CVE-2025-40083] = "fixed-version: Fixed from version 6.16"
+
+# CVE-2025-40084 has no known resolution
+
+CVE_STATUS[CVE-2025-40085] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40086] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40087] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40088] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40089] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40090] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40091] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40092] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40093] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40094] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40095] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40096] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40097] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40098] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40099] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40100] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40101] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40102] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40103] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40104] = "cpe-stable-backport: Backported in 6.17.5"
+
+CVE_STATUS[CVE-2025-40105] = "cpe-stable-backport: Backported in 6.17.5"
+
CVE_STATUS[CVE-2025-40114] = "fixed-version: Fixed from version 6.15"
CVE_STATUS[CVE-2025-40300] = "fixed-version: Fixed from version 6.17"
--
2.39.2
next prev parent reply other threads:[~2025-10-30 17:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-30 17:12 [PATCH 00/14] kernel-yocto: consolidated pull request bruce.ashfield
2025-10-30 17:12 ` [PATCH 01/14] linux-yocto: introduce 6.17 reference kernels bruce.ashfield
2025-10-30 17:12 ` [PATCH 02/14] linux-yocto/6.17: update CVE exclusions (6.17.5) bruce.ashfield
2025-10-30 17:12 ` [PATCH 03/14] linux-yocto/6.17: fix qemuarm config audit warning bruce.ashfield
2025-10-30 17:12 ` [PATCH 04/14] linux-yocto/6.17: unify qemumips (malta) branches bruce.ashfield
2025-10-30 17:12 ` [PATCH 05/14] linux-yocto/6.17: fix rdinit boot warning bruce.ashfield
2025-10-30 17:12 ` [PATCH 06/14] linux-yocto/6.17: update to v6.17.6 bruce.ashfield
2025-10-30 17:12 ` bruce.ashfield [this message]
2025-10-30 17:12 ` [PATCH 08/14] linux-yocto/6.12: update to v6.12.53 bruce.ashfield
2025-10-30 17:12 ` [PATCH 09/14] linux-yocto/6.12: update CVE exclusions (6.12.53) bruce.ashfield
2025-10-30 17:12 ` [PATCH 10/14] linux-yocto/6.12: update to v6.12.55 bruce.ashfield
2025-10-30 17:12 ` [PATCH 11/14] linux-yocto/6.12: update CVE exclusions (6.12.55) bruce.ashfield
2025-10-30 17:12 ` [PATCH 12/14] poky: make linux-yocto 6.17 the preferred version bruce.ashfield
2025-10-31 7:34 ` [OE-core] " Mikko Rapeli
2025-10-31 12:44 ` Bruce Ashfield
2025-10-30 17:12 ` [PATCH 13/14] yocto-bsp/6.16: specify genericarm64 SRCREV bruce.ashfield
2025-10-31 7:38 ` [OE-core] " Mikko Rapeli
2025-10-30 17:12 ` [PATCH 14/14] yocto-bsp/6.17: introduce kernel bbappend bruce.ashfield
2025-10-31 16:41 ` [OE-core] [PATCH 00/14] kernel-yocto: consolidated pull request Joao Marcos Costa
2025-10-31 16:46 ` Bruce Ashfield
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=606ec2a80159804f97df8cb502e0fba46f48740c.1761844161.git.bruce.ashfield@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox