[PATCH 00/11] kernel-yocto: -stable, -dev and tools

[PATCH 00/11] kernel-yocto: -stable, -dev and tools

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Richard,

I realize we are still fighting the perf reproducibility issues, but
I wanted to send these out since there have been some questions about
-stable, 6.18+ and configuration issues.

Plus I was able to get these patches off my machine with hardware issues,
so I wanted to get them sent.

Feel free to disregard any of the patches that we don't want, they'll
be on the list for anyone looking for them.

The -stable updates are routine, 6.18+ won't impact existing release
kernels, and the configuration updates for genericarm64 are additive.
So the risk is low for the series as a whole.

Cheers,

Bruce

The following changes since commit 64a879e9b61b56e8bd8070b3f906d9d35fc4153d:

  perf: Bump versions to resolve hashequiv/reproducibility issues (2025-10-15 17:15:46 +0100)

are available in the Git repository at:

  https://git.yoctoproject.org/poky-contrib zedd/kernel
  https://git.yoctoproject.org/poky-contrib/log/?h=zedd/kernel

Bruce Ashfield (11):
  linux-yocto/6.16: update to v6.16.11
  linux-yocto/6.16: update CVE exclusions (6.16.11)
  linux-yocto/6.12: update to v6.12.50
  linux-yocto/6.12: update CVE exclusions (6.12.50)
  linux-yocto/6.12: update to v6.12.51
  linux-yocto/6.12: update CVE exclusions (6.12.51)
  linux-yocto/6.12: update to v6.12.52
  linux-yocto/6.12: update CVE exclusions (6.12.52)
  linux-yocto/6.16: genericarm64: feature splits and enablement
  kern-tools: fix symbol_why for v6.18-rc1+
  linux-yocto-dev: update to v6.18

 .../kern-tools/kern-tools-native_git.bb       |   2 +-
 .../linux/cve-exclusion_6.12.inc              | 966 +++++++++++++++++-
 .../linux/cve-exclusion_6.16.inc              | 658 +++++++++++-
 meta/recipes-kernel/linux/linux-yocto-dev.bb  |   4 +-
 .../linux/linux-yocto-rt_6.12.bb              |   6 +-
 .../linux/linux-yocto-rt_6.16.bb              |   6 +-
 .../linux/linux-yocto-tiny_6.12.bb            |   6 +-
 .../linux/linux-yocto-tiny_6.16.bb            |   6 +-
 meta/recipes-kernel/linux/linux-yocto_6.12.bb |  28 +-
 meta/recipes-kernel/linux/linux-yocto_6.16.bb |  28 +-
 10 files changed, 1607 insertions(+), 103 deletions(-)

-- 
2.39.2

[PATCH 01/11] linux-yocto/6.16: update to v6.16.11

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.16 to the latest korg -stable release that comprises
the following commits:

    683320aeb0e83 Linux 6.16.11
    8f9c9fafc0e7a ASoC: qcom: audioreach: fix potential null pointer dereference
    1f053d82e59c7 media: stm32-csi: Fix dereference before NULL check
    c9e024e907caf media: iris: Fix memory leak by freeing untracked persist buffer
    888830b2cbc03 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
    9cddad3b26dac mm: swap: check for stable address space before operating on the VMA
    15c0e136bd8cd media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
    d9f6ce99624a4 media: rc: fix races with imon_disconnect()
    9a00de20ed8ba media: tuner: xc5000: Fix use-after-free in xc5000_release
    f3f3f00bcabbd media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
    3ffabc79388e6 media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove
    af600e7f5526d ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
    4b29228694958 scsi: target: target_core_configfs: Add length check to avoid buffer overflow
    412450c2f9d16 gcc-plugins: Remove TODO_verify_il for GCC >= 16
    8faee580d63bc blk-mq: fix blk_mq_tags double free while nr_requests grown
    bcabc18865f36 Linux 6.16.10
    e4825368285e3 iommufd: Fix race during abort for file descriptors
    e7e5315212819 spi: cadence-qspi: defer runtime support on socfpga if reset bit is enabled
    b7ec8a2b094a3 spi: cadence-quadspi: Implement refcount to handle unbind during busy
    4109506b7eba2 sched_ext: idle: Handle migration-disabled tasks in BPF code
    1f2bffc8dd18b sched_ext: idle: Make local functions static in ext_idle.c
    2243b9b728b3c wifi: iwlwifi: pcie: fix byte count table for some devices
    b9ebc20920be3 wifi: iwlwifi: fix byte count table for old devices
    fc19489dfaf42 fbcon: Fix OOB access in font allocation
    c0c01f9aa08c8 fbcon: fix integer overflow in fbcon_do_set_font
    2aa2cea8f7716 mm/damon/sysfs: do not ignore callback's return value in damon_sysfs_damon_call()
    21ee79ce93812 mm/hugetlb: fix folio is still mapped when deleted
    7c78ae54e342d x86/Kconfig: Reenable PTDUMP on i386
    309b8857c50d0 x86/topology: Implement topology_is_core_online() to address SMT regression
    b64d23d1b9321 riscv: Use an atomic xchg in pudp_huge_get_and_clear()
    8df142e93098b netfs: fix reference leak
    5855792c6bb9a kmsan: fix out-of-bounds access to shadow memory
    61ae3a52075dc gpiolib: Extend software-node support to support secondary software-nodes
    a2cb8818a3d91 fs/proc/task_mmu: check p->vec_buf for NULL
    41782c44bb843 afs: Fix potential null pointer dereference in afs_put_server
    a63e7dcf6a552 vhost-net: flush batched before enabling notifications
    7de587f87f37e Revert "vhost/net: Defer TX queue re-enable until after sendmsg"
    238f33bb3f6fa pinctrl: airoha: fix wrong MDIO function bitmaks
    cda80b7937bb5 pinctrl: airoha: fix wrong PHY LED mux value for LED1 GPIO46
    3bf00f58a8075 drm/amd/display: Only restore backlight after amdgpu_dm_init or dm_resume
    40903aa97e193 drm/ast: Use msleep instead of mdelay for edid read
    5168f19d4d819 drm/xe: Don't copy pinned kernel bos twice on suspend
    408d90e817211 arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports
    eca259860a084 arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes
    a22ccb766ced5 arm64: dts: marvell: cn913x-solidrun: fix sata ports status
    d00bcd2d5414e ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address
    e57d19757aeb2 tracing: fprobe: Fix to remove recorded module addresses from filter
    cbb8c94f92d0c tracing: fgraph: Protect return handler from recursion loop
    b47c4e06687a5 tracing: dynevent: Add a missing lockdown check on dynevent
    fbe96bd25423e crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
    6200d2e7ea6a6 i40e: improve VF MAC filters accounting
    168107437eac5 i40e: add mask to apply valid bits for itr_idx
    8b13df5aa877b i40e: add max boundary check for VF filters
    a991dc56d3e9a i40e: fix validation of VF state in get resources
    560e168341058 i40e: fix input validation logic for action_meta
    5c1f96123113e i40e: fix idx validation in config queues msg
    d4e3eaaa3cb3a i40e: fix idx validation in i40e_validate_queue_map
    afec12adab55d i40e: add validation for ring_len param
    1cf7258a9cf33 HID: asus: add support for missing PX series fn keys
    f76347f4ec435 HID: intel-thc-hid: intel-quickspi: Add WCL Device IDs
    930cb05a9e107 tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit()
    908478fe58848 Revert "drm/xe/guc: Enable extended CAT error reporting"
    e35eeb3a8eaf8 Revert "drm/xe/guc: Set RCS/CCS yield policy"
    093615fc76063 smb: client: fix wrong index reference in smb2_compound_op()
    923638cea4c17 platform/x86: lg-laptop: Fix WMAB call in fan_mode_store()
    2858cae6896ea drm/panthor: Defer scheduler entitiy destruction to queue release
    f1635765cd0fd futex: Use correct exit on failure from futex_hash_allocate_default()
    c6adf475f375c drm/amd/display: remove output_tf_change flag
    9682dc123f8f1 drm/i915/ddi: Guard reg_val against a INVALID_TRANSCODER
    94c5669b1b172 drm/xe: Fix build with CONFIG_MODULES=n
    bacbadedbba73 drm/xe/vf: Don't expose sysfs attributes not applicable for VFs
    6021d412108f7 gpio: regmap: fix memory leak of gpio_regmap structure
    d824b2dbdcfe3 futex: Prevent use-after-free during requeue-PI
    0fc650fa475b5 drm/gma500: Fix null dereference in hdmi teardown
    a8a63f27c3a8a octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
    449aae54fa510 net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
    075c92577f529 net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
    8523fee4caad8 net/mlx5e: Fix missing FEC RS stats for RS_544_514_INTERLEAVED_QUAD
    5aa468e563ce7 net/mlx5: HWS, ignore flow level for multi-dest table
    7f1b5d056f053 net/mlx5: HWS, remove unused create_dest_array parameter
    3c77f6d244188 net/mlx5: fs, fix UAF in flow counter release
    1c5a55ce47578 selftests: fib_nexthops: Fix creation of non-FDB nexthops
    8dd4aa0122885 nexthop: Forbid FDB status change while nexthop is in a group
    61341d935833f net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
    3e4a313b11fca bnxt_en: correct offset handling for IPv6 destination address
    4d109d6c56c60 broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl
    1bfb2d9456c18 broadcom: fix support for PTP_PEROUT_DUTY_CYCLE
    87a1f16f07c6c Bluetooth: MGMT: Fix possible UAFs
    7ce635b3d3aba vhost: Take a reference on the task in struct vhost_task.
    a78fd4fc5694e Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
    dde33124f17cf Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
    1609ab5393d33 Bluetooth: hci_sync: Fix hci_resume_advertising_sync
    c283e4a0e078a ethernet: rvu-af: Remove slash from the driver name
    d5411685dc2f6 net/smc: fix warning in smc_rx_splice() when calling get_page()
    1697577e1669b net: tun: Update napi->skb after XDP process
    394c58017e5f4 can: peak_usb: fix shift-out-of-bounds issue
    b638c3fb0f163 can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
    7f7b21026a6fe can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
    e77fdf9e33a83 can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
    e587af2c89ecc can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
    cc4cb275764da xfrm: fix offloading of cross-family tunnels
    a78e557765223 xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
    966877e96d022 selftests/bpf: Skip timer cases when bpf_timer is not supported
    b6b7db6530236 bpf: Reject bpf_timer for PREEMPT_RT
    f577bec9836d1 can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
    528151da32c17 wifi: virt_wifi: Fix page fault on connect
    0bcc5ea4bb30d amd/amdkfd: correct mem limit calculation for small APUs
    a01d1325e0fbd drm/amdkfd: fix p2p links bug in topology
    aae986c5805c7 NFSv4.2: Protect copy offload and clone against 'eof page pollution'
    204099ce6574b NFS: Protect against 'eof page pollution'
    f51f9695207bc btrfs: don't allow adding block device of less than 1 MB
    e64b692a2d55f selftests/fs/mount-notify: Fix compilation failure.
    6233715b4b714 bpf: Check the helper function is valid in get_helper_proto
    e6014ad4d009e smb: server: use disable_work_sync in transport_rdma.c
    27ce0a17ee989 smb: server: don't use delayed_work for post_recv_credits_work
    302c25ec64051 cpufreq: Initialize cpufreq-based invariance before subsys
    d342ba13c2a91 ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients
    c49b3ffc64cae arm64: dts: imx8mp: Correct thermal sensor index
    8707ccbf686f7 firmware: imx: Add stub functions for SCMI CPU API
    5f9587bbb3bb7 firmware: imx: Add stub functions for SCMI LMM API
    39cc5381c80c0 firmware: imx: Add stub functions for SCMI MISC API
    e3aba0b7f24c4 arm64: dts: rockchip: Fix the headphone detection on the orangepi 5
    1f58c03bc7580 HID: amd_sfh: Add sync across amd sfh work functions
    0fd5a4eeb726c HID: cp2112: fix setter callbacks return value
    f1958eb140458 IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
    dbeeeae988cce net: sfp: add quirk for FLYPRO copper SFP+ module
    4ceb739a3260a ALSA: usb-audio: Add mute TLV for playback volumes on more devices
    f20938fb3ba2e ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
    f637c0678f8e8 gpiolib: acpi: Add quirk for ASUS ProArt PX13
    001470af9436a ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
    86cb0f559b71e platform/x86: oxpec: Add support for OneXPlayer X1 Mini Pro (Strix Point)
    1e1873264e9de ASoC: Intel: sof_rt5682: Add HDMI-In capture with rt5682 support for PTL.
    eae9d5c299b78 ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in PTL match table
    71f64a3244ac9 ASoC: Intel: soc-acpi: Add entry for sof_es8336 in PTL match table.
    9b866ec1b3d8f i2c: designware: Add quirk for Intel Xe
    dcae67ba20e39 mmc: sdhci-cadence: add Mobileye eyeQ support
    44fd9560ea831 drm/panfrost: Add support for Mali on the MT8370 SoC
    39fdf31a26526 drm/panfrost: Commonize Mediatek power domain array definitions
    8cae20f2a4719 drm/panfrost: Drop duplicated Mediatek supplies arrays
    01c1287ef2a44 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
    a94d1a0de44d7 net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info
    e9d96c5baa454 usb: core: Add 0x prefix to quirks debug output
    330e7cc51c275 ALSA: usb-audio: Fix build with CONFIG_INPUT=n
    645c7aa98d1e9 ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA
    9a183aeb23ca4 ALSA: usb-audio: Convert comma to semicolon
    bdb9cc8a8f940 HID: multitouch: specify that Apple Touch Bar is direct
    3e4453b40562f HID: multitouch: take cls->maxcontacts into account for Apple Touch Bar even without a HID_DG_CONTACTMAX field
    cf60067a13847 HID: multitouch: support getting the tip state from HID_DG_TOUCH fields in Apple Touch Bar
    6a6edca250126 HID: multitouch: Get the contact ID from HID_DG_TRANSDUCER_INDEX fields in case of Apple Touch Bar
    0105cfc41abeb ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
    042ce4cb97ae4 ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
    9f76d2c9e8c02 ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
    8af6015e380ca ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
    d3934ea7fb976 ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
    0afc2246dd448 ALSA: usb-audio: Fix block comments in mixer_quirks
    c11341fb8fc3a ALSA: usb-audio: Fix whitespace & blank line issues in mixer_quirks
    2ea8b2ce48de5 ALSA: usb-audio: Fix code alignment in mixer_quirks
    f8ae65129919a firewire: core: fix overlooked update of subsystem ABI version
    16bd546200ec5 scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.16.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.16.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.16.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
index 0d6ea9b392..9c1752d179 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "4f8446899dbe7700c1e7394bcc8afd497809ebc0"
-SRCREV_meta ?= "1ac1d0ff730fe1dd1371823d562db8126750a98c"
+SRCREV_machine ?= "c31e0cb82247b36842209614bb72af9127ef2471"
+SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.16;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.16.9"
+LINUX_VERSION ?= "6.16.11"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
index 4ab4d22486..c0dbec8b29 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.16.inc
 
-LINUX_VERSION ?= "6.16.9"
+LINUX_VERSION ?= "6.16.11"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_meta ?= "1ac1d0ff730fe1dd1371823d562db8126750a98c"
+SRCREV_machine ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.16.bb b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
index 1a633bad9b..81f37c8d8a 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.16/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.16/standard/base"
 KBRANCH:qemumips64 ?= "v6.16/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "945e9592c57f30b248f1973ca70678556fd8b441"
-SRCREV_machine:qemuarm64 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemuloongarch64 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemumips ?= "a924b211fade75edc1e28362ad8d321c08d428c8"
-SRCREV_machine:qemuppc ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemuriscv64 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemuriscv32 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemux86 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemux86-64 ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_machine:qemumips64 ?= "ccb566d859459b4dfef541f7c2af8d5eb6e47988"
-SRCREV_machine ?= "3f9db490a81eeb0077be3c5a5aa1388a2372232f"
-SRCREV_meta ?= "1ac1d0ff730fe1dd1371823d562db8126750a98c"
+SRCREV_machine:qemuarm ?= "cdb5121dcb8fbde2d7616011e8e84623914d17a4"
+SRCREV_machine:qemuarm64 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemuloongarch64 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemumips ?= "62ea92a539f58803a222be98b81118403074206e"
+SRCREV_machine:qemuppc ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemuriscv64 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemuriscv32 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemux86 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemux86-64 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_machine:qemumips64 ?= "9fb4ff0187c85426f21fd40d4c61b742800f65c4"
+SRCREV_machine ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
+SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "b0d8acc711981d712a59ee20b073cbc52a4109c5"
+SRCREV_machine:class-devupstream ?= "683320aeb0e83deac1b6c6794b0567969de09548"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.16/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.16;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.16.9"
+LINUX_VERSION ?= "6.16.11"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.39.2

[PATCH 02/11] linux-yocto/6.16: update CVE exclusions (6.16.11)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 1 changes (0 new | 1 updated): - 0 new CVEs: - 1 updated CVEs: CVE-2025-11337
        Date: Mon, 6 Oct 2025 13:49:49 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.16.inc              | 658 +++++++++++++++++-
 1 file changed, 643 insertions(+), 15 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.16.inc b/meta/recipes-kernel/linux/cve-exclusion_6.16.inc
index 17776b59a0..e35736105e 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.16.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.16.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-09-29 01:46:30.994598+00:00 for kernel version 6.16.9
-# From linux_kernel_cves cve_2025-09-29_0100Z
+# Generated at 2025-10-06 13:56:05.687479+00:00 for kernel version 6.16.11
+# From linux_kernel_cves cve_2025-10-06_1300Z-3-gc975b7523cd
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.16.9"
+    this_version = "6.16.11"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -1530,6 +1530,8 @@ CVE_STATUS[CVE-2021-4453] = "fixed-version: Fixed from version 5.16"
 
 CVE_STATUS[CVE-2021-4454] = "fixed-version: Fixed from version 6.2"
 
+CVE_STATUS[CVE-2021-4460] = "fixed-version: Fixed from version 5.13"
+
 CVE_STATUS[CVE-2022-21546] = "fixed-version: Fixed from version 5.19"
 
 # CVE-2022-26365 has no known resolution
@@ -4870,8 +4872,6 @@ CVE_STATUS[CVE-2022-50343] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50344] = "fixed-version: Fixed from version 6.1"
 
-CVE_STATUS[CVE-2022-50345] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50346] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50347] = "fixed-version: Fixed from version 6.2"
@@ -4972,8 +4972,6 @@ CVE_STATUS[CVE-2022-50395] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50396] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50397] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50398] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50399] = "fixed-version: Fixed from version 6.1"
@@ -5016,6 +5014,182 @@ CVE_STATUS[CVE-2022-50418] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50419] = "fixed-version: Fixed from version 6.1"
 
+CVE_STATUS[CVE-2022-50420] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50421] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50422] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50423] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50424] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50425] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50426] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50427] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50428] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50429] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50430] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50431] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50432] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50433] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50434] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50435] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50436] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50437] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50438] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50439] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50440] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50441] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50442] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50443] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50444] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50445] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50446] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50447] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50448] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50449] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50450] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50451] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50452] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50453] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50454] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50455] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50456] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50457] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50458] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50459] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50460] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50461] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50462] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50463] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50464] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50465] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50466] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50467] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50468] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50469] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50470] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50471] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50472] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50473] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50474] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50475] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50476] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50477] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50478] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50479] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50480] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50481] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50482] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50483] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50484] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50485] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50486] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50487] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50488] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50489] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50490] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50491] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50492] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50493] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50494] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50496] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50497] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50498] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50499] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50500] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50501] = "fixed-version: Fixed from version 6.2"
+
+# CVE-2022-50502 has no known resolution
+
+CVE_STATUS[CVE-2022-50503] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50504] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50505] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50506] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50507] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50508] = "fixed-version: Fixed from version 6.3"
+
 CVE_STATUS[CVE-2023-32246] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-32249] = "fixed-version: Fixed from version 6.4"
@@ -6806,6 +6980,342 @@ CVE_STATUS[CVE-2023-53446] = "fixed-version: Fixed from version 6.5"
 
 CVE_STATUS[CVE-2023-53447] = "fixed-version: Fixed from version 6.5"
 
+CVE_STATUS[CVE-2023-53448] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53449] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53450] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53451] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53452] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53453] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53454] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53455] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53456] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53457] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53458] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53459] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53460] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53461] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53462] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53463] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53464] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53465] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53466] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53467] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53468] = "fixed-version: Fixed from version 6.3"
+
+# CVE-2023-53469 has no known resolution
+
+CVE_STATUS[CVE-2023-53470] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53471] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53472] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53473] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53474] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53475] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53476] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53477] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53478] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53479] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53480] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53481] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53482] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53483] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53484] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53485] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53486] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53487] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53488] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53489] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53490] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53491] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53492] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53493] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53494] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53495] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53496] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53497] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53498] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53499] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53500] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53501] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53503] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53504] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53505] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53506] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53507] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53508] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53509] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53510] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53511] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53512] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53513] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53514] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53515] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53516] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53517] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53518] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53519] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53520] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53521] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53522] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53523] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53524] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53525] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53526] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53527] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53528] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53529] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53530] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53531] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53532] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53533] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53534] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53535] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53536] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53537] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53538] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53539] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53540] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53541] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53542] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53543] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53544] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53545] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53546] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53547] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53548] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53549] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53550] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53551] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53552] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53553] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53554] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53555] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53556] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53557] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53558] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53559] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53560] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53561] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53562] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53563] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53564] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53565] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53566] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53567] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53568] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53569] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53570] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53571] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53572] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53573] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53574] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53575] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53576] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53577] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53578] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53579] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53580] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53581] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53582] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53583] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53584] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53585] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53586] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53587] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53588] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53589] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53590] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53591] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53592] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53593] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53594] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53595] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53596] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53597] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53598] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53599] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53600] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53601] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53602] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53603] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53604] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53605] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53606] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53607] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53608] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53609] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53610] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53611] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53612] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53613] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53614] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53615] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53616] = "fixed-version: Fixed from version 6.6"
+
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -15956,7 +16466,7 @@ CVE_STATUS[CVE-2025-38734] = "cpe-stable-backport: Backported in 6.16.4"
 
 CVE_STATUS[CVE-2025-38735] = "cpe-stable-backport: Backported in 6.16.4"
 
-CVE_STATUS[CVE-2025-38736] = "cpe-stable-backport: Backported in 6.16.4"
+CVE_STATUS[CVE-2025-38736] = "fixed-version: Fixed from version 6.16.4"
 
 CVE_STATUS[CVE-2025-38737] = "cpe-stable-backport: Backported in 6.16.4"
 
@@ -16116,8 +16626,6 @@ CVE_STATUS[CVE-2025-39749] = "cpe-stable-backport: Backported in 6.16.2"
 
 CVE_STATUS[CVE-2025-39750] = "cpe-stable-backport: Backported in 6.16.2"
 
-CVE_STATUS[CVE-2025-39751] = "cpe-stable-backport: Backported in 6.16.2"
-
 CVE_STATUS[CVE-2025-39752] = "cpe-stable-backport: Backported in 6.16.2"
 
 CVE_STATUS[CVE-2025-39753] = "cpe-stable-backport: Backported in 6.16.2"
@@ -16212,8 +16720,6 @@ CVE_STATUS[CVE-2025-39797] = "cpe-stable-backport: Backported in 6.16.2"
 
 CVE_STATUS[CVE-2025-39798] = "cpe-stable-backport: Backported in 6.16.2"
 
-CVE_STATUS[CVE-2025-39799] = "fixed-version: only affects 6.17rc1 onwards"
-
 CVE_STATUS[CVE-2025-39800] = "cpe-stable-backport: Backported in 6.16.4"
 
 CVE_STATUS[CVE-2025-39801] = "cpe-stable-backport: Backported in 6.16.4"
@@ -16348,8 +16854,6 @@ CVE_STATUS[CVE-2025-39865] = "cpe-stable-backport: Backported in 6.16.6"
 
 CVE_STATUS[CVE-2025-39866] = "cpe-stable-backport: Backported in 6.16.6"
 
-CVE_STATUS[CVE-2025-39867] = "fixed-version: only affects 6.17rc1 onwards"
-
 CVE_STATUS[CVE-2025-39868] = "cpe-stable-backport: Backported in 6.16.8"
 
 CVE_STATUS[CVE-2025-39869] = "cpe-stable-backport: Backported in 6.16.8"
@@ -16378,7 +16882,7 @@ CVE_STATUS[CVE-2025-39880] = "cpe-stable-backport: Backported in 6.16.8"
 
 CVE_STATUS[CVE-2025-39881] = "cpe-stable-backport: Backported in 6.16.8"
 
-CVE_STATUS[CVE-2025-39882] = "cpe-stable-backport: Backported in 6.16.8"
+CVE_STATUS[CVE-2025-39882] = "fixed-version: Fixed from version 6.16.8"
 
 CVE_STATUS[CVE-2025-39883] = "cpe-stable-backport: Backported in 6.16.8"
 
@@ -16396,8 +16900,132 @@ CVE_STATUS[CVE-2025-39889] = "fixed-version: Fixed from version 6.15"
 
 CVE_STATUS[CVE-2025-39890] = "fixed-version: Fixed from version 6.16"
 
+CVE_STATUS[CVE-2025-39891] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39892] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39893] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39894] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39895] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39896] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39897] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39898] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39899] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39900] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39901] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39902] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39903] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39904] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39905] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39906] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39907] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39908] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39909] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39910] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39911] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39912] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39913] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39914] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39915] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39916] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39917] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39918] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39919] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39920] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39921] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39922] = "cpe-stable-backport: Backported in 6.16.6"
+
+CVE_STATUS[CVE-2025-39923] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39924] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39925] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39926] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39927] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39928] = "cpe-stable-backport: Backported in 6.16.8"
+
+CVE_STATUS[CVE-2025-39929] = "cpe-stable-backport: Backported in 6.16.9"
+
 CVE_STATUS[CVE-2025-39930] = "fixed-version: Fixed from version 6.15"
 
+CVE_STATUS[CVE-2025-39931] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39932] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39933] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39934] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39935] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39936] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39937] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39938] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39939] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39940] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39941] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39942] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39943] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39944] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39945] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39946] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39947] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39948] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39949] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39950] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39951] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39952] = "cpe-stable-backport: Backported in 6.16.9"
+
+CVE_STATUS[CVE-2025-39953] = "cpe-stable-backport: Backported in 6.16.9"
+
 CVE_STATUS[CVE-2025-39989] = "fixed-version: Fixed from version 6.15"
 
 CVE_STATUS[CVE-2025-40014] = "fixed-version: Fixed from version 6.15"
-- 
2.39.2

[PATCH 03/11] linux-yocto/6.12: update to v6.12.50

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:

    72b82d56b8213 Linux 6.12.50
    f89a0f1459dbc drm/i915/backlight: Return immediately when scale() finds invalid parameters
    cbfd3c7d4ed26 Revert "usb: xhci: remove option to change a default ring's TRB cycle bit"
    17195a7d754a5 iommufd: Fix race during abort for file descriptors
    51b8258efe254 fbcon: Fix OOB access in font allocation
    4a4bac869560f fbcon: fix integer overflow in fbcon_do_set_font
    910d7749346c4 mm/hugetlb: fix folio is still mapped when deleted
    f84e487070518 kmsan: fix out-of-bounds access to shadow memory
    159c156fd7148 gpiolib: Extend software-node support to support secondary software-nodes
    ca988dcdc6683 fs/proc/task_mmu: check p->vec_buf for NULL
    a13dbc5e20c72 afs: Fix potential null pointer dereference in afs_put_server
    aae514959d82b drm/ast: Use msleep instead of mdelay for edid read
    e2ded0872300c arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 ports
    562a1342224f9 arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes
    cb20fe9502635 ARM: dts: socfpga: sodia: Fix mdio bus probe and PHY address
    573b1e39edfcb tracing: dynevent: Add a missing lockdown check on dynevent
    316b090c2fee9 crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
    494ebb7b2f056 i40e: improve VF MAC filters accounting
    be4b969d28923 i40e: add mask to apply valid bits for itr_idx
    d33e5d6631ac4 i40e: add max boundary check for VF filters
    6128bbc7adc25 i40e: fix validation of VF state in get resources
    3118f41d8fa57 i40e: fix input validation logic for action_meta
    bfcc1dff429d4 i40e: fix idx validation in config queues msg
    cc4191e8ef40d i40e: fix idx validation in i40e_validate_queue_map
    05fe81fb9db20 i40e: add validation for ring_len param
    980ddc3a1ba65 HID: asus: add support for missing PX series fn keys
    bfb1e2aad1fec smb: client: fix wrong index reference in smb2_compound_op()
    26923ea48e33a platform/x86: lg-laptop: Fix WMAB call in fan_mode_store()
    894e005a01bdd drm/panthor: Defer scheduler entitiy destruction to queue release
    a170b9c0dde83 futex: Prevent use-after-free during requeue-PI
    f800f7054d2cf drm/gma500: Fix null dereference in hdmi teardown
    895fab2a4257a mm: folio_may_be_lru_cached() unless folio_test_large()
    9422cfa89e1dc mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch"
    0db0d69bc962c mm/gup: local lru_add_drain() to avoid lru_add_drain_all()
    c41b2941a024d octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
    ca74b67b475b9 net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
    7d7e29b959f9b net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
    fbf6548f0f0f9 selftests: fib_nexthops: Fix creation of non-FDB nexthops
    f0e49fd13afe9 nexthop: Forbid FDB status change while nexthop is in a group
    3bc813c5e6bf3 net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
    90cfbb4e73db7 bnxt_en: correct offset handling for IPv6 destination address
    d2be773a92874 vhost: Take a reference on the task in struct vhost_task.
    484c7d571a3d1 Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
    23c9c485fa4c7 Bluetooth: hci_sync: Fix hci_resume_advertising_sync
    262f3836962c2 ethernet: rvu-af: Remove slash from the driver name
    14fc4fdae42e3 net/smc: fix warning in smc_rx_splice() when calling get_page()
    953200d56fc23 net: tun: Update napi->skb after XDP process
    eb79ed9706703 can: peak_usb: fix shift-out-of-bounds issue
    6b9fb82df8868 can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow
    de77841652e57 can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow
    def814b4ba31b can: hi311x: populate ndo_change_mtu() to prevent buffer overflow
    b26cccd87dcdd can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow
    9fcedabaae009 xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
    452ad25358504 bpf: Reject bpf_timer for PREEMPT_RT
    7a75aae4c0c21 can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
    79dc6d4932de4 wifi: virt_wifi: Fix page fault on connect
    7b478122cd39b btrfs: don't allow adding block device of less than 1 MB
    3d429cb1278e9 bpf: Check the helper function is valid in get_helper_proto
    ecb6383b79c3f smb: server: use disable_work_sync in transport_rdma.c
    1d6e5bd5b6114 smb: server: don't use delayed_work for post_recv_credits_work
    596575060f4cd cpufreq: Initialize cpufreq-based invariance before subsys
    6833714e12d12 ARM: dts: kirkwood: Fix sound DAI cells for OpenRD clients
    88c1bb807f79a arm64: dts: imx8mp: Correct thermal sensor index
    d755823f2c0b3 firmware: imx: Add stub functions for SCMI MISC API
    edeae8be4d263 HID: amd_sfh: Add sync across amd sfh work functions
    7a7bb18680eaa IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
    d2be6c429d8cc net: sfp: add quirk for FLYPRO copper SFP+ module
    2368ce440dfbc ALSA: usb-audio: Add mute TLV for playback volumes on more devices
    c2564438d30a8 ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
    6074537a680de ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
    5cae5420519d8 i2c: designware: Add quirk for Intel Xe
    aaac704646b8f mmc: sdhci-cadence: add Mobileye eyeQ support
    34a8909831836 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
    7edb8abcc9773 net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info
    9e85e98516e13 usb: core: Add 0x prefix to quirks debug output
    6b66c7181d265 ALSA: usb-audio: Fix build with CONFIG_INPUT=n
    a9bed48ddee3d ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA
    1f1bc26ba97af ALSA: usb-audio: Convert comma to semicolon
    a705899ec6085 ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
    1847877529d71 ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
    80fffa366ad64 ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
    33b1035eec4b4 ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
    d7a58b4d5ccf6 ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
    9fdb2390b0e49 ALSA: usb-audio: Fix block comments in mixer_quirks
    058cfa459cc70 ALSA: usb-audio: Fix code alignment in mixer_quirks
    b728110b16467 firewire: core: fix overlooked update of subsystem ABI version
    8d685863f557c scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.12.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.12.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 37233199f0..8d6efadf58 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b82952f1b1b128089e27cadf3b16c11a7be2644d"
-SRCREV_meta ?= "8eec73988615290c4a3370553c44d2d3bdbf4034"
+SRCREV_machine ?= "b4f5907de1e85e0f945b658dac152de95e615377"
+SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.49"
+LINUX_VERSION ?= "6.12.50"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index b934b925b4..f920dd4f21 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.49"
+LINUX_VERSION ?= "6.12.50"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_meta ?= "8eec73988615290c4a3370553c44d2d3bdbf4034"
+SRCREV_machine ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index b1b7f95bb5..fd98ab0fe3 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "b522400a3cd8c649a7a040398eecd4adc5cbecd2"
-SRCREV_machine:qemuarm64 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemuloongarch64 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemumips ?= "e3476588db698ac8f2f47cc6b7594f0740b80a40"
-SRCREV_machine:qemuppc ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemuriscv64 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemuriscv32 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemux86 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemux86-64 ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_machine:qemumips64 ?= "fd00218b9063fff14c5815dfff6be2e0e5bb5861"
-SRCREV_machine ?= "6c5bd29f94e71fb7269a41f7402e1902867fac14"
-SRCREV_meta ?= "8eec73988615290c4a3370553c44d2d3bdbf4034"
+SRCREV_machine:qemuarm ?= "a0a67cc2a9c525cdbbee0a53396d6260a25839c2"
+SRCREV_machine:qemuarm64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemuloongarch64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemumips ?= "be1da28e2e753af1c661bad7982eb8bc29c885d8"
+SRCREV_machine:qemuppc ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemuriscv64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemuriscv32 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemux86 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemux86-64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_machine:qemumips64 ?= "cf66b7844c1b375a1b473f21ea920cccc9f692aa"
+SRCREV_machine ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
+SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "f1e375d5eb68f990709fce37ee1c0ecae3645b6f"
+SRCREV_machine:class-devupstream ?= "da274362a7bd9ab3a6e46d15945029145ebce672"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.49"
+LINUX_VERSION ?= "6.12.50"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.39.2

[PATCH 04/11] linux-yocto/6.12: update CVE exclusions (6.12.50)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 15 changes (1 new | 14 updated): - 1 new CVEs: CVE-2025-11344 - 14 updated CVEs: CVE-2025-11293, CVE-2025-11294, CVE-2025-11295, CVE-2025-11325, CVE-2025-11343, CVE-2025-54086, CVE-2025-55191, CVE-2025-58586, CVE-2025-59951, CVE-2025-60967, CVE-2025-61587, CVE-2025-61792, CVE-2025-61984, CVE-2025-61985
        Date: Mon, 6 Oct 2025 18:40:24 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 696 +++++++++++++++++-
 1 file changed, 662 insertions(+), 34 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 6c327e489a..59035c47e8 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-09-29 01:53:40.204255+00:00 for kernel version 6.12.49
-# From linux_kernel_cves cve_2025-09-29_0100Z
+# Generated at 2025-10-06 18:40:43.912028+00:00 for kernel version 6.12.50
+# From linux_kernel_cves cve_2025-10-06_1800Z-2-gd3f82236df6
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.49"
+    this_version = "6.12.50"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -1530,6 +1530,8 @@ CVE_STATUS[CVE-2021-4453] = "fixed-version: Fixed from version 5.16"
 
 CVE_STATUS[CVE-2021-4454] = "fixed-version: Fixed from version 6.2"
 
+CVE_STATUS[CVE-2021-4460] = "fixed-version: Fixed from version 5.13"
+
 CVE_STATUS[CVE-2022-21546] = "fixed-version: Fixed from version 5.19"
 
 # CVE-2022-26365 has no known resolution
@@ -4870,8 +4872,6 @@ CVE_STATUS[CVE-2022-50343] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50344] = "fixed-version: Fixed from version 6.1"
 
-CVE_STATUS[CVE-2022-50345] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50346] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50347] = "fixed-version: Fixed from version 6.2"
@@ -4972,8 +4972,6 @@ CVE_STATUS[CVE-2022-50395] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50396] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50397] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50398] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50399] = "fixed-version: Fixed from version 6.1"
@@ -5016,6 +5014,182 @@ CVE_STATUS[CVE-2022-50418] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50419] = "fixed-version: Fixed from version 6.1"
 
+CVE_STATUS[CVE-2022-50420] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50421] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50422] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50423] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50424] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50425] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50426] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50427] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50428] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50429] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50430] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50431] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50432] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50433] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50434] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50435] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50436] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50437] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50438] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50439] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50440] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50441] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50442] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50443] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50444] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50445] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50446] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50447] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50448] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50449] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50450] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50451] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50452] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50453] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50454] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50455] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50456] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50457] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50458] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50459] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50460] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50461] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50462] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50463] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50464] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50465] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50466] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50467] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50468] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50469] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50470] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50471] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50472] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50473] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50474] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50475] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50476] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50477] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50478] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50479] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50480] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50481] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50482] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50483] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50484] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50485] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50486] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50487] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50488] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50489] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50490] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50491] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50492] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50493] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50494] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50496] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50497] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50498] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50499] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50500] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50501] = "fixed-version: Fixed from version 6.2"
+
+# CVE-2022-50502 has no known resolution
+
+CVE_STATUS[CVE-2022-50503] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50504] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50505] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50506] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50507] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50508] = "fixed-version: Fixed from version 6.3"
+
 CVE_STATUS[CVE-2023-32246] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-32249] = "fixed-version: Fixed from version 6.4"
@@ -6806,6 +6980,342 @@ CVE_STATUS[CVE-2023-53446] = "fixed-version: Fixed from version 6.5"
 
 CVE_STATUS[CVE-2023-53447] = "fixed-version: Fixed from version 6.5"
 
+CVE_STATUS[CVE-2023-53448] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53449] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53450] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53451] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53452] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53453] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53454] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53455] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53456] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53457] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53458] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53459] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53460] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53461] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53462] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53463] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53464] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53465] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53466] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53467] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53468] = "fixed-version: Fixed from version 6.3"
+
+# CVE-2023-53469 has no known resolution
+
+CVE_STATUS[CVE-2023-53470] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53471] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53472] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53473] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53474] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53475] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53476] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53477] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53478] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53479] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53480] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53481] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53482] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53483] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53484] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53485] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53486] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53487] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53488] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53489] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53490] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53491] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53492] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53493] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53494] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53495] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53496] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53497] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53498] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53499] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53500] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53501] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53503] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53504] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53505] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53506] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53507] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53508] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53509] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53510] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53511] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53512] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53513] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53514] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53515] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53516] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53517] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53518] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53519] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53520] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53521] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53522] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53523] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53524] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53525] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53526] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53527] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53528] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53529] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53530] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53531] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53532] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53533] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53534] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53535] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53536] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53537] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53538] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53539] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53540] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53541] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53542] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53543] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53544] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53545] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53546] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53547] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53548] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53549] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53550] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53551] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53552] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53553] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53554] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53555] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53556] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53557] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53558] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53559] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53560] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53561] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53562] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53563] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53564] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53565] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53566] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53567] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53568] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53569] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53570] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53571] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53572] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53573] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53574] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53575] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53576] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53577] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53578] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53579] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53580] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53581] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53582] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53583] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53584] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53585] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53586] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53587] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53588] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53589] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53590] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53591] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53592] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53593] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53594] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53595] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53596] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53597] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53598] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53599] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53600] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53601] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53602] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53603] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53604] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53605] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53606] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53607] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53608] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53609] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53610] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53611] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53612] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53613] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53614] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53615] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53616] = "fixed-version: Fixed from version 6.6"
+
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
@@ -15656,7 +16166,7 @@ CVE_STATUS[CVE-2025-38582] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38583] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38584 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38584 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38585] = "cpe-stable-backport: Backported in 6.12.42"
 
@@ -15670,7 +16180,7 @@ CVE_STATUS[CVE-2025-38589] = "fixed-version: only affects 6.13 onwards"
 
 CVE_STATUS[CVE-2025-38590] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38591 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38591 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38592] = "fixed-version: only affects 6.15 onwards"
 
@@ -15682,7 +16192,7 @@ CVE_STATUS[CVE-2025-38595] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38596] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-38597 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38597 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38598] = "fixed-version: only affects 6.16 onwards"
 
@@ -15696,7 +16206,7 @@ CVE_STATUS[CVE-2025-38602] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38604] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38605 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38605 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38606] = "fixed-version: only affects 6.14 onwards"
 
@@ -15726,7 +16236,7 @@ CVE_STATUS[CVE-2025-38619] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38620] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-38621 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38621 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38622] = "cpe-stable-backport: Backported in 6.12.42"
 
@@ -15738,7 +16248,7 @@ CVE_STATUS[CVE-2025-38625] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38626] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38627 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38627 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38628] = "cpe-stable-backport: Backported in 6.12.42"
 
@@ -15756,7 +16266,7 @@ CVE_STATUS[CVE-2025-38634] = "cpe-stable-backport: Backported in 6.12.42"
 
 CVE_STATUS[CVE-2025-38635] = "cpe-stable-backport: Backported in 6.12.42"
 
-# CVE-2025-38636 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38636 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38637] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -15770,7 +16280,7 @@ CVE_STATUS[CVE-2025-38641] = "fixed-version: only affects 6.16 onwards"
 
 CVE_STATUS[CVE-2025-38642] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-38643 needs backporting (fixed from 6.17rc1)
+# CVE-2025-38643 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38644] = "cpe-stable-backport: Backported in 6.12.42"
 
@@ -15840,7 +16350,7 @@ CVE_STATUS[CVE-2025-38676] = "cpe-stable-backport: Backported in 6.12.44"
 
 CVE_STATUS[CVE-2025-38677] = "cpe-stable-backport: Backported in 6.12.44"
 
-# CVE-2025-38678 needs backporting (fixed from 6.17rc2)
+# CVE-2025-38678 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-38679] = "cpe-stable-backport: Backported in 6.12.43"
 
@@ -15968,9 +16478,9 @@ CVE_STATUS[CVE-2025-39675] = "cpe-stable-backport: Backported in 6.12.44"
 
 CVE_STATUS[CVE-2025-39676] = "cpe-stable-backport: Backported in 6.12.44"
 
-# CVE-2025-39677 needs backporting (fixed from 6.17rc3)
+# CVE-2025-39677 needs backporting (fixed from 6.17)
 
-# CVE-2025-39678 needs backporting (fixed from 6.17rc3)
+# CVE-2025-39678 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39679] = "cpe-stable-backport: Backported in 6.12.44"
 
@@ -16104,7 +16614,7 @@ CVE_STATUS[CVE-2025-39743] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-39744] = "cpe-stable-backport: Backported in 6.12.43"
 
-# CVE-2025-39745 needs backporting (fixed from 6.17rc1)
+# CVE-2025-39745 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39746] = "cpe-stable-backport: Backported in 6.12.43"
 
@@ -16116,8 +16626,6 @@ CVE_STATUS[CVE-2025-39749] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-39750] = "cpe-stable-backport: Backported in 6.12.43"
 
-CVE_STATUS[CVE-2025-39751] = "cpe-stable-backport: Backported in 6.12.43"
-
 CVE_STATUS[CVE-2025-39752] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-39753] = "cpe-stable-backport: Backported in 6.12.43"
@@ -16138,11 +16646,11 @@ CVE_STATUS[CVE-2025-39760] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-39761] = "cpe-stable-backport: Backported in 6.12.43"
 
-# CVE-2025-39762 needs backporting (fixed from 6.17rc1)
+# CVE-2025-39762 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39763] = "cpe-stable-backport: Backported in 6.12.43"
 
-# CVE-2025-39764 needs backporting (fixed from 6.17rc2)
+# CVE-2025-39764 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39765] = "cpe-stable-backport: Backported in 6.12.44"
 
@@ -16192,7 +16700,7 @@ CVE_STATUS[CVE-2025-39787] = "cpe-stable-backport: Backported in 6.12.44"
 
 CVE_STATUS[CVE-2025-39788] = "cpe-stable-backport: Backported in 6.12.44"
 
-# CVE-2025-39789 needs backporting (fixed from 6.17rc1)
+# CVE-2025-39789 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39790] = "cpe-stable-backport: Backported in 6.12.44"
 
@@ -16212,8 +16720,6 @@ CVE_STATUS[CVE-2025-39797] = "cpe-stable-backport: Backported in 6.12.43"
 
 CVE_STATUS[CVE-2025-39798] = "cpe-stable-backport: Backported in 6.12.43"
 
-CVE_STATUS[CVE-2025-39799] = "fixed-version: only affects 6.17rc1 onwards"
-
 CVE_STATUS[CVE-2025-39800] = "cpe-stable-backport: Backported in 6.12.44"
 
 CVE_STATUS[CVE-2025-39801] = "cpe-stable-backport: Backported in 6.12.44"
@@ -16258,7 +16764,7 @@ CVE_STATUS[CVE-2025-39820] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-39821] = "fixed-version: only affects 6.16 onwards"
 
-# CVE-2025-39822 needs backporting (fixed from 6.17rc4)
+# CVE-2025-39822 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39823] = "cpe-stable-backport: Backported in 6.12.45"
 
@@ -16274,15 +16780,15 @@ CVE_STATUS[CVE-2025-39828] = "cpe-stable-backport: Backported in 6.12.45"
 
 CVE_STATUS[CVE-2025-39829] = "cpe-stable-backport: Backported in 6.12.45"
 
-# CVE-2025-39830 needs backporting (fixed from 6.17rc4)
+# CVE-2025-39830 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39831] = "cpe-stable-backport: Backported in 6.12.45"
 
 CVE_STATUS[CVE-2025-39832] = "cpe-stable-backport: Backported in 6.12.45"
 
-# CVE-2025-39833 needs backporting (fixed from 6.17rc4)
+# CVE-2025-39833 needs backporting (fixed from 6.17)
 
-# CVE-2025-39834 needs backporting (fixed from 6.17rc4)
+# CVE-2025-39834 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39835] = "cpe-stable-backport: Backported in 6.12.45"
 
@@ -16332,13 +16838,13 @@ CVE_STATUS[CVE-2025-39857] = "cpe-stable-backport: Backported in 6.12.46"
 
 CVE_STATUS[CVE-2025-39858] = "fixed-version: only affects 6.15 onwards"
 
-# CVE-2025-39859 needs backporting (fixed from 6.17rc5)
+# CVE-2025-39859 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39860] = "cpe-stable-backport: Backported in 6.12.46"
 
 CVE_STATUS[CVE-2025-39861] = "cpe-stable-backport: Backported in 6.12.46"
 
-# CVE-2025-39862 needs backporting (fixed from 6.17rc5)
+# CVE-2025-39862 needs backporting (fixed from 6.17)
 
 CVE_STATUS[CVE-2025-39863] = "cpe-stable-backport: Backported in 6.12.46"
 
@@ -16348,8 +16854,6 @@ CVE_STATUS[CVE-2025-39865] = "cpe-stable-backport: Backported in 6.12.46"
 
 CVE_STATUS[CVE-2025-39866] = "cpe-stable-backport: Backported in 6.12.46"
 
-CVE_STATUS[CVE-2025-39867] = "fixed-version: only affects 6.17rc1 onwards"
-
 CVE_STATUS[CVE-2025-39868] = "fixed-version: only affects 6.15 onwards"
 
 CVE_STATUS[CVE-2025-39869] = "cpe-stable-backport: Backported in 6.12.48"
@@ -16396,8 +16900,132 @@ CVE_STATUS[CVE-2025-39889] = "cpe-stable-backport: Backported in 6.12.25"
 
 CVE_STATUS[CVE-2025-39890] = "cpe-stable-backport: Backported in 6.12.34"
 
+CVE_STATUS[CVE-2025-39891] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39892] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39893] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39894] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39895] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39896] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39897] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39898] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39899] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39900] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39901] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39902] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39903] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39904] = "fixed-version: only affects 6.16 onwards"
+
+# CVE-2025-39905 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39906] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39907] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39908] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39909] = "cpe-stable-backport: Backported in 6.12.48"
+
+# CVE-2025-39910 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39911] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39912] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39913] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39914] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39915] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-39916] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39917] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39918] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39919] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39920] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39921] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-39922] = "cpe-stable-backport: Backported in 6.12.46"
+
+CVE_STATUS[CVE-2025-39923] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39924] = "fixed-version: only affects 6.15 onwards"
+
+# CVE-2025-39925 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39926] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39927] = "cpe-stable-backport: Backported in 6.12.48"
+
+CVE_STATUS[CVE-2025-39928] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-39929] = "cpe-stable-backport: Backported in 6.12.49"
+
 CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.14 onwards"
 
+CVE_STATUS[CVE-2025-39931] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39932] = "cpe-stable-backport: Backported in 6.12.49"
+
+# CVE-2025-39933 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39934] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39935] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-39936] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39937] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39938] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39939] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39940] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39941] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-39942] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39943] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39944] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39945] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39946] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39947] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39948] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39949] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39950] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39951] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39952] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39953] = "cpe-stable-backport: Backported in 6.12.49"
+
 CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-40014 needs backporting (fixed from 6.15)
-- 
2.39.2

[PATCH 05/11] linux-yocto/6.12: update to v6.12.51

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:

    a9152eb181ad Linux 6.12.51
    4dda55d04caa ASoC: qcom: audioreach: fix potential null pointer dereference
    1f52119809b7 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
    4e5f060d7347 mm: swap: check for stable address space before operating on the VMA
    000b2a6bed7f media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
    fd5d3e6b149e media: rc: fix races with imon_disconnect()
    effb1c19583b media: tuner: xc5000: Fix use-after-free in xc5000_release
    514a519baa9e media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove
    53c6351597e6 scsi: target: target_core_configfs: Add length check to avoid buffer overflow
    fc998bccee32 gcc-plugins: Remove TODO_verify_il for GCC >= 16
    70165dc3ec8c crypto: sha256 - fix crash at kexec

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.12.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.12.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 8d6efadf58..0128e62152 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "b4f5907de1e85e0f945b658dac152de95e615377"
-SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
+SRCREV_machine ?= "02092ef333fa4503bc6da5f7d1f1eda2dee9c9d7"
+SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.50"
+LINUX_VERSION ?= "6.12.51"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index f920dd4f21..0cd6e9b99b 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.50"
+LINUX_VERSION ?= "6.12.51"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
+SRCREV_machine ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index fd98ab0fe3..620e46b250 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "a0a67cc2a9c525cdbbee0a53396d6260a25839c2"
-SRCREV_machine:qemuarm64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemuloongarch64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemumips ?= "be1da28e2e753af1c661bad7982eb8bc29c885d8"
-SRCREV_machine:qemuppc ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemuriscv64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemuriscv32 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemux86 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemux86-64 ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_machine:qemumips64 ?= "cf66b7844c1b375a1b473f21ea920cccc9f692aa"
-SRCREV_machine ?= "258800fd1696b1a356a754fcef83cbfdee399ae1"
-SRCREV_meta ?= "39c7e069b8475a8751d1a584a6181e072033f25d"
+SRCREV_machine:qemuarm ?= "21e7e89f6bbcaec3d70000333004e47031246bfd"
+SRCREV_machine:qemuarm64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemuloongarch64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemumips ?= "64965a9f8fd95a53788b1ed6c275056ef6be9510"
+SRCREV_machine:qemuppc ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemuriscv64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemuriscv32 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemux86 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemux86-64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_machine:qemumips64 ?= "5298636e61f0c9d939f79cee4d48e9013aceeaef"
+SRCREV_machine ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
+SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "da274362a7bd9ab3a6e46d15945029145ebce672"
+SRCREV_machine:class-devupstream ?= "72b82d56b82137a92a20e5584029d35408d810c2"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.50"
+LINUX_VERSION ?= "6.12.51"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.39.2

[PATCH 06/11] linux-yocto/6.12: update CVE exclusions (6.12.51)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 1 changes (1 new | 0 updated): - 1 new CVEs: CVE-2025-11401 - 0 updated CVEs:
        Date: Tue, 7 Oct 2025 17:07:09 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 244 +++++++++++++++++-
 1 file changed, 239 insertions(+), 5 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index 59035c47e8..a5ccb609b6 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-06 18:40:43.912028+00:00 for kernel version 6.12.50
-# From linux_kernel_cves cve_2025-10-06_1800Z-2-gd3f82236df6
+# Generated at 2025-10-07 17:30:26.724165+00:00 for kernel version 6.12.51
+# From linux_kernel_cves cve_2025-10-07_1700Z
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.50"
+    this_version = "6.12.51"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -5190,6 +5190,100 @@ CVE_STATUS[CVE-2022-50507] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50508] = "fixed-version: Fixed from version 6.3"
 
+CVE_STATUS[CVE-2022-50509] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50510] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50511] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50512] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50513] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50514] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50515] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50516] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50517] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50518] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50519] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50520] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50521] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50522] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50523] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50524] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50525] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50526] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50527] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50528] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50529] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50530] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50531] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50532] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50533] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50534] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50535] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50536] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50537] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50538] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50539] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2022-50540] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50541] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50542] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50543] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50544] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50545] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50546] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50547] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50548] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50549] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50550] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50551] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50552] = "fixed-version: Fixed from version 6.1"
+
+CVE_STATUS[CVE-2022-50553] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50554] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2022-50555] = "fixed-version: Fixed from version 6.1"
+
 CVE_STATUS[CVE-2023-32246] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-32249] = "fixed-version: Fixed from version 6.4"
@@ -6088,8 +6182,6 @@ CVE_STATUS[CVE-2023-52977] = "fixed-version: Fixed from version 6.1.11"
 
 CVE_STATUS[CVE-2023-52978] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2023-52979] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2023-52980] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-52981] = "fixed-version: Fixed from version 6.2"
@@ -7316,6 +7408,148 @@ CVE_STATUS[CVE-2023-53615] = "fixed-version: Fixed from version 6.6"
 
 CVE_STATUS[CVE-2023-53616] = "fixed-version: Fixed from version 6.6"
 
+CVE_STATUS[CVE-2023-53617] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53618] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53619] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53620] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53621] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53622] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53623] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53624] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53625] = "fixed-version: Fixed from version 6.2"
+
+CVE_STATUS[CVE-2023-53626] = "fixed-version: Fixed from version 6.2.8"
+
+CVE_STATUS[CVE-2023-53627] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53628] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53629] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53630] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53631] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53632] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53633] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53634] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53635] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53636] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53637] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53638] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53639] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53640] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53641] = "fixed-version: Fixed from version 6.4"
+
+# CVE-2023-53642 has no known resolution
+
+CVE_STATUS[CVE-2023-53643] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53644] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53645] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53646] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53647] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53648] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53649] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53650] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53651] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53652] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53653] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53654] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53655] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53656] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53657] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53658] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53659] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53660] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53661] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53662] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53663] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53664] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53665] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53666] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53667] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53668] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53669] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53670] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53671] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53672] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53673] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53674] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53675] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53676] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53677] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53678] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53679] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53680] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53681] = "fixed-version: Fixed from version 6.5"
+
+CVE_STATUS[CVE-2023-53682] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53683] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53684] = "fixed-version: Fixed from version 6.3"
+
+CVE_STATUS[CVE-2023-53685] = "fixed-version: Fixed from version 6.4"
+
+CVE_STATUS[CVE-2023-53686] = "fixed-version: Fixed from version 6.6"
+
+CVE_STATUS[CVE-2023-53687] = "fixed-version: Fixed from version 6.5"
+
 CVE_STATUS[CVE-2024-26581] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26582] = "fixed-version: Fixed from version 6.8"
-- 
2.39.2

[PATCH 07/11] linux-yocto/6.12: update to v6.12.52

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Updating linux-yocto/6.12 to the latest korg -stable release that comprises
the following commits:

    2b2cbdcede38 Linux 6.12.52
    e7177c7e32cb KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
    716dceb19a9f net/9p: fix double req put in p9_fd_cancelled
    c5c703b50e91 crypto: rng - Ensure set_ent is always present
    77dd0e6cb9f9 driver core/PM: Set power.no_callbacks along with power.no_pm
    99d67efda945 staging: axis-fifo: flush RX FIFO on read errors
    7441d70d5cd6 staging: axis-fifo: fix TX handling on copy_from_user() failure
    cc9cfbfb2916 staging: axis-fifo: fix maximum TX packet length check
    65422a6a0d2d serial: stm32: allow selecting console when the driver is module
    c301ec61ce6f binder: fix double-free in dbitmap
    1855e18bff88 nvmem: layouts: fix automatic module loading
    4827bd6548e0 hid: fix I2C read buffer overflow in raw_event() for mcp2221
    647d6b8d22be ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
    c611b9e55174 ALSA: usb-audio: Kill timer properly at removal
    5980a35c9d13 drm/amdgpu: Enable MES lr_compute_wa by default
    2dedc6b77bf8 drm/amd/include : Update MES v12 API for fence update
    ff2b82286fc8 drm/amd/include : MES v11 and v12 API header update
    bfd0bec4cb2c drm/amd : Update MES API header file for v11 & v12
    44d41506d697 platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list
    4a918985a35f can: rcar_canfd: Fix controller mode setting
    1d2ef21f02ba can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled
    60bbfc295a33 netfs: Prevent duplicate unlocking
    ec045333522e btrfs: ref-verify: handle damaged extent root tree
    31a834865209 ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
    467dd7cab347 platform/x86/amd/pmf: Support new ACPI ID AMDI0108
    1773f674c4f2 perf subcmd: avoid crash in exclude_cmds when excludes is empty
    6263c898761b platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list
    27a0a815dbba dm-integrity: limit MAX_TAG_SIZE to 255
    6a3a7b13ad74 ASoC: amd: acp: Adjust pdm gain value
    e005b52b8398 rust: block: fix `srctree/` links
    1713796d6538 wifi: rtl8xxxu: Don't claim USB ID 07b8:8188
    914d02595ba6 wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
    7c1e37878a2f Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
    dad2ac26ac76 USB: serial: option: add SIMCom 8230C compositions
    f92181c0e13c media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
    895cccf639ac wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/linux-yocto-rt_6.12.bb              |  6 ++--
 .../linux/linux-yocto-tiny_6.12.bb            |  6 ++--
 meta/recipes-kernel/linux/linux-yocto_6.12.bb | 28 +++++++++----------
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 0128e62152..c6697e99b2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "02092ef333fa4503bc6da5f7d1f1eda2dee9c9d7"
-SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
+SRCREV_machine ?= "6e15f26e4078d6d17c8f2dd66b6f3a8976bb5f10"
+SRCREV_meta ?= "350aec7b58ac8a244f7084334cd072cc2b39dfdc"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.51"
+LINUX_VERSION ?= "6.12.52"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 0cd6e9b99b..2fe3f17451 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.51"
+LINUX_VERSION ?= "6.12.52"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
+SRCREV_machine ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_meta ?= "350aec7b58ac8a244f7084334cd072cc2b39dfdc"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index 620e46b250..84ae7c0360 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "21e7e89f6bbcaec3d70000333004e47031246bfd"
-SRCREV_machine:qemuarm64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemuloongarch64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemumips ?= "64965a9f8fd95a53788b1ed6c275056ef6be9510"
-SRCREV_machine:qemuppc ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemuriscv64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemuriscv32 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemux86 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemux86-64 ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_machine:qemumips64 ?= "5298636e61f0c9d939f79cee4d48e9013aceeaef"
-SRCREV_machine ?= "d12617f73759e07b81f95e6451e212e21dcd3230"
-SRCREV_meta ?= "5f4ac28eb4130083ed7214f9bdedd4ee230af1a2"
+SRCREV_machine:qemuarm ?= "172b9fbf63ccfdfbcbeca1a3c7ba5c34eb9f2dcd"
+SRCREV_machine:qemuarm64 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemuloongarch64 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemumips ?= "31d0ff8e1f91778a5f6eacd2c539384999becfc9"
+SRCREV_machine:qemuppc ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemuriscv64 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemuriscv32 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemux86 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemux86-64 ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_machine:qemumips64 ?= "27af9a15a47958d29f1ab8740b1bc4b6d9ecf27e"
+SRCREV_machine ?= "7ec0c63fa4a7870b6e16d255828f5a0ae4ec821b"
+SRCREV_meta ?= "350aec7b58ac8a244f7084334cd072cc2b39dfdc"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "72b82d56b82137a92a20e5584029d35408d810c2"
+SRCREV_machine:class-devupstream ?= "a9152eb181adaac576e8ac1ab79989881e0f301b"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.51"
+LINUX_VERSION ?= "6.12.52"
 
 PV = "${LINUX_VERSION}+git"
 
-- 
2.39.2

[PATCH 08/11] linux-yocto/6.12: update CVE exclusions (6.12.52)

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Data pulled from: https://github.com/CVEProject/cvelistV5

    1/1 [
        Author: cvelistV5 Github Action
        Email: github_action@example.com
        Subject: 10 changes (9 new | 1 updated): - 9 new CVEs: CVE-2025-42901, CVE-2025-42902, CVE-2025-42903, CVE-2025-42906, CVE-2025-42908, CVE-2025-42909, CVE-2025-42910, CVE-2025-42937, CVE-2025-42939 - 1 updated CVEs: CVE-2025-42907
        Date: Tue, 14 Oct 2025 00:35:23 +0000

    ]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 .../linux/cve-exclusion_6.12.inc              | 58 ++++++++++++-------
 1 file changed, 36 insertions(+), 22 deletions(-)

diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index a5ccb609b6..f84d42cfe1 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,11 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-10-07 17:30:26.724165+00:00 for kernel version 6.12.51
-# From linux_kernel_cves cve_2025-10-07_1700Z
+# Generated at 2025-10-14 01:23:30.027767+00:00 for kernel version 6.12.52
+# From linux_kernel_cves 2025-10-14_baseline-1-gddc0a257837
 
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.51"
+    this_version = "6.12.52"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -4648,11 +4648,11 @@ CVE_STATUS[CVE-2022-50228] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50229] = "fixed-version: Fixed from version 6.0"
 
-# CVE-2022-50230 has no known resolution
+CVE_STATUS[CVE-2022-50230] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50231] = "fixed-version: Fixed from version 6.0"
 
-# CVE-2022-50232 has no known resolution
+CVE_STATUS[CVE-2022-50232] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50233] = "fixed-version: Fixed from version 6.0"
 
@@ -4664,7 +4664,7 @@ CVE_STATUS[CVE-2022-50236] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50239] = "fixed-version: Fixed from version 6.1"
 
-# CVE-2022-50240 has no known resolution
+CVE_STATUS[CVE-2022-50240] = "fixed-version: Fixed from version 6.0"
 
 CVE_STATUS[CVE-2022-50241] = "fixed-version: Fixed from version 6.1"
 
@@ -4858,8 +4858,6 @@ CVE_STATUS[CVE-2022-50336] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50337] = "fixed-version: Fixed from version 6.2"
 
-# CVE-2022-50338 has no known resolution
-
 CVE_STATUS[CVE-2022-50339] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50340] = "fixed-version: Fixed from version 6.2"
@@ -4938,7 +4936,7 @@ CVE_STATUS[CVE-2022-50378] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50379] = "fixed-version: Fixed from version 6.1"
 
-# CVE-2022-50380 has no known resolution
+CVE_STATUS[CVE-2022-50380] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50381] = "fixed-version: Fixed from version 6.2"
 
@@ -5074,8 +5072,6 @@ CVE_STATUS[CVE-2022-50448] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50449] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50450] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2022-50451] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50452] = "fixed-version: Fixed from version 6.1"
@@ -5084,8 +5080,6 @@ CVE_STATUS[CVE-2022-50453] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50454] = "fixed-version: Fixed from version 6.1"
 
-CVE_STATUS[CVE-2022-50455] = "fixed-version: Fixed from version 6.2"
-
 CVE_STATUS[CVE-2022-50456] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50457] = "fixed-version: Fixed from version 6.2"
@@ -5148,8 +5142,6 @@ CVE_STATUS[CVE-2022-50485] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50486] = "fixed-version: Fixed from version 6.2"
 
-CVE_STATUS[CVE-2022-50487] = "fixed-version: Fixed from version 6.1"
-
 CVE_STATUS[CVE-2022-50488] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50489] = "fixed-version: Fixed from version 6.1"
@@ -5176,8 +5168,6 @@ CVE_STATUS[CVE-2022-50500] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-50501] = "fixed-version: Fixed from version 6.2"
 
-# CVE-2022-50502 has no known resolution
-
 CVE_STATUS[CVE-2022-50503] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2022-50504] = "fixed-version: Fixed from version 6.2"
@@ -7114,7 +7104,7 @@ CVE_STATUS[CVE-2023-53467] = "fixed-version: Fixed from version 6.3"
 
 CVE_STATUS[CVE-2023-53468] = "fixed-version: Fixed from version 6.3"
 
-# CVE-2023-53469 has no known resolution
+CVE_STATUS[CVE-2023-53469] = "fixed-version: Fixed from version 6.5"
 
 CVE_STATUS[CVE-2023-53470] = "fixed-version: Fixed from version 6.4"
 
@@ -7458,7 +7448,7 @@ CVE_STATUS[CVE-2023-53640] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-53641] = "fixed-version: Fixed from version 6.4"
 
-# CVE-2023-53642 has no known resolution
+CVE_STATUS[CVE-2023-53642] = "fixed-version: Fixed from version 6.4"
 
 CVE_STATUS[CVE-2023-53643] = "fixed-version: Fixed from version 6.3"
 
@@ -14388,7 +14378,7 @@ CVE_STATUS[CVE-2025-21986] = "cpe-stable-backport: Backported in 6.12.20"
 
 CVE_STATUS[CVE-2025-21987] = "cpe-stable-backport: Backported in 6.12.18"
 
-# CVE-2025-21988 has no known resolution
+CVE_STATUS[CVE-2025-21988] = "cpe-stable-backport: Backported in 6.12.20"
 
 CVE_STATUS[CVE-2025-21989] = "cpe-stable-backport: Backported in 6.12.20"
 
@@ -15448,7 +15438,7 @@ CVE_STATUS[CVE-2025-38103] = "cpe-stable-backport: Backported in 6.12.34"
 
 CVE_STATUS[CVE-2025-38104] = "cpe-stable-backport: Backported in 6.12.39"
 
-# CVE-2025-38105 needs backporting (fixed from 6.16)
+CVE_STATUS[CVE-2025-38105] = "cpe-stable-backport: Backported in 6.12.52"
 
 CVE_STATUS[CVE-2025-38106] = "cpe-stable-backport: Backported in 6.12.34"
 
@@ -17260,6 +17250,30 @@ CVE_STATUS[CVE-2025-39952] = "cpe-stable-backport: Backported in 6.12.49"
 
 CVE_STATUS[CVE-2025-39953] = "cpe-stable-backport: Backported in 6.12.49"
 
+CVE_STATUS[CVE-2025-39954] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39955] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39956] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39957] = "cpe-stable-backport: Backported in 6.12.49"
+
+# CVE-2025-39958 needs backporting (fixed from 6.17)
+
+CVE_STATUS[CVE-2025-39959] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-39960] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39961] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39962] = "fixed-version: only affects 6.16 onwards"
+
+CVE_STATUS[CVE-2025-39963] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39964] = "cpe-stable-backport: Backported in 6.12.49"
+
+CVE_STATUS[CVE-2025-39965] = "cpe-stable-backport: Backported in 6.12.50"
+
 CVE_STATUS[CVE-2025-39989] = "cpe-stable-backport: Backported in 6.12.23"
 
 # CVE-2025-40014 needs backporting (fixed from 6.15)
@@ -17270,5 +17284,5 @@ CVE_STATUS[CVE-2025-40300] = "cpe-stable-backport: Backported in 6.12.47"
 
 # CVE-2025-40325 needs backporting (fixed from 6.15)
 
-# CVE-2025-40364 has no known resolution
+CVE_STATUS[CVE-2025-40364] = "cpe-stable-backport: Backported in 6.12.14"
 
-- 
2.39.2

[PATCH 09/11] linux-yocto/6.16: genericarm64: feature splits and enablement

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Integrating the following commit(s):

    9e0a3e81 genericarm64.cfg: enable more power, reset drivers
    0293b84e genericarm64.cfg: enable MFD_KHADAS_MCU
    f9c89a33 genericarm64-regulator.cfg: enable more drivers
    01af8892 genericarm64.cfg: enable more IRQCHIP support
    96bf1e51 genericarm64.scc: enable USB serial support
    dc7502db genericarm64.cfg: improve SATA support
    e85415a3 genericarm64.cfg: improve input device support
    cb734447 genericarm64.cfg: enable more Hisilicon PCI drivers
    362c7b10 genericarm64.cfg: enable USB_CHIPIDEA_NPCM
    c9127be9 genericarm64.cfg: enable EXTCON_USBC_CROS_EC
    3836443f genericarm64.cfg: improve PHY support
    a25d50d8 genericarm64-clock.cfg: improve Qualcomm, Renesas etc clock driver support
    5e47e723 usb-net.cfg: add USB_LAN78XX
    e5be3915 genericarm64-clock.cfg: add more Renesas support
    8d1d61f1 genericarm64.cfg: improve Renesas pmdomain support
    89d463fc genericarm64.cfg: enable UACCE
    18251d7d genericarm64.cfg: more MTD CFI etc support
    070f72bc genericarm64.cfg: enable PCIe error reporting
    dfa6ca16 genericarm64.cfg: add more ethernet support
    5821cdf3 genericarm64.scc: add genericarm64-rtc.cfg and enable more HW support
    e9847838 genericarm64.cfg: enable Chrome OS platform drivers
    549b8af0 genericarm64.scc: enable Mellanox ethernet support
    5e172179 mellanox.scc: add network driver feature
    27eaec09 genericarm64.cfg: improve USB_DWC3 support
    c543148b genericarm64.cfg: improve TYPEC_MUX support
    62b093b3 genericarm64.scc: enable exFAT support
    360d572b cfg/fs/exfat.scc: add config feature
    8be64103 genericarm64.cfg: add more USB 3.0 and basic 2.0 support
    48e00648 genericarm64-arch.cfg: enable more Renesas support
    cef54e58 genericarm64.cfg: enable ARM_PSCI_FW support
    129993c7 genericarm64.cfg: enable more TPM and FFA support
    8cd8cb12 genericarm64.cfg: enable TCG_TIS as module
    be840fc8 genericarm64.cfg: enable ZYNQMP_FIRMWARE
    9f94acee genericarm64.cfg: enable COMMON_CLK_ZYNQMP
    10a0e7c7 genericarm64.cfg: enable DMI_SYSFS
    705cae9a genericarm64.scc: enable efi-test.scc
    08fd4f23 efi-test: add config fragment for EFI test interface
    98178196 genericarm64.cfg: enable ARM_PSCI_CPUIDLE_DOMAIN

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb   | 2 +-
 meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb | 2 +-
 meta/recipes-kernel/linux/linux-yocto_6.16.bb      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
index 9c1752d179..d1f7e76501 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.16.bb
@@ -15,7 +15,7 @@ python () {
 }
 
 SRCREV_machine ?= "c31e0cb82247b36842209614bb72af9127ef2471"
-SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
+SRCREV_meta ?= "9e0a3e81b40db2b35e060ef001b3902a6a0996ac"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.16;destsuffix=${KMETA};protocol=https"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
index c0dbec8b29..ef904adad4 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.16.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
-SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
+SRCREV_meta ?= "9e0a3e81b40db2b35e060ef001b3902a6a0996ac"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.16.bb b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
index 81f37c8d8a..2188c7fed2 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.16.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.16.bb
@@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
 SRCREV_machine:qemux86-64 ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
 SRCREV_machine:qemumips64 ?= "9fb4ff0187c85426f21fd40d4c61b742800f65c4"
 SRCREV_machine ?= "42ddd61a7bcedefc5eaedb89e91dcec7061e78ce"
-SRCREV_meta ?= "2581b577580a3432c267877d9800bdb88f0e85aa"
+SRCREV_meta ?= "9e0a3e81b40db2b35e060ef001b3902a6a0996ac"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
-- 
2.39.2

[PATCH 10/11] kern-tools: fix symbol_why for v6.18-rc1+

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

commit f589e1df23251d8319063da0a61c1016b2a0bf85 (HEAD -> master)
Author: Bruce Ashfield <bruce.ashfield@gmail.com>
Date:   Wed Oct 15 18:12:20 2025 -0400

    tools/Kconfiglib: add support for transitional attribute

    We need to update the parser to handle:

    commit f9afce4f32e9a120fc902fa6c9e0b90ad799a6ec
    Author: Kees Cook <kees@kernel.org>
    Date:   Tue Sep 23 14:34:18 2025 -0700

        kconfig: Add transitional symbol attribute for migration support

        During kernel option migrations (e.g. CONFIG_CFI_CLANG to CONFIG_CFI),
        existing .config files need to maintain backward compatibility while
        preventing deprecated options from appearing in newly generated
        configurations. This is challenging with existing Kconfig mechanisms
        because:

        1. Simply removing old options breaks existing .config files.
        2. Manually listing an option as "deprecated" leaves it needlessly
           visible and still writes them to new .config files.
        3. Using any method to remove visibility (.e.g no 'prompt', 'if n',
           etc) prevents the option from being processed at all.

        Add a "transitional" attribute that creates symbols which are:
        - Processed during configuration (can influence other symbols' defaults)
        - Hidden from user menus (no prompts appear)
        - Omitted from newly written .config files (gets migrated)
        - Restricted to only having help sections (no defaults, selects, etc)
          making it truly just a "prior value pass-through" option.

        The transitional syntax requires a type argument and prevents type
        redefinition:

            config NEW_OPTION
                bool "New option"
                default OLD_OPTION

            config OLD_OPTION
                bool
                transitional
                help
                  Transitional config for OLD_OPTION migration.

        This allows seamless migration: olddefconfig processes existing
        CONFIG_OLD_OPTION=y settings to enable CONFIG_NEW_OPTION=y, while
        CONFIG_OLD_OPTION is omitted from newly generated .config files.

        Added positive and negative testing via "testconfig" make target.

        Co-developed-by: Vegard Nossum <vegard.nossum@oracle.com>
        Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
        Reviewed-by: Nathan Chancellor <nathan@kernel.org>
        Tested-by: Nathan Chancellor <nathan@kernel.org>
        Link: https://lore.kernel.org/r/20250923213422.1105654-2-kees@kernel.org
        Signed-off-by: Kees Cook <kees@kernel.org>

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 meta/recipes-kernel/kern-tools/kern-tools-native_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
index 84b8b10a26..9240ee5db8 100644
--- a/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
+++ b/meta/recipes-kernel/kern-tools/kern-tools-native_git.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "\
 
 DEPENDS += "git-replacement-native"
 
-SRCREV = "fe67c98d2e9b74af44d0c4b660fa18e3a95e7edd"
+SRCREV = "f589e1df23251d8319063da0a61c1016b2a0bf85"
 PV = "0.3+git"
 
 inherit native
-- 
2.39.2

[PATCH 11/11] linux-yocto-dev: update to v6.18

[bruce.ashfield]

From: Bruce Ashfield <bruce.ashfield@gmail.com>

Bumping the -dev kernel to 6.18+

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 meta/recipes-kernel/linux/linux-yocto-dev.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto-dev.bb b/meta/recipes-kernel/linux/linux-yocto-dev.bb
index 196e6b4761..fb4e0864d2 100644
--- a/meta/recipes-kernel/linux/linux-yocto-dev.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-dev.bb
@@ -14,7 +14,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # provide this .inc to set specific revisions
 include recipes-kernel/linux/linux-yocto-dev-revisions.inc
 
-KBRANCH = "v6.17/standard/base"
+KBRANCH = "v6.18/standard/base"
 KMETA = "kernel-meta"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name=machine;protocol=https \
@@ -28,7 +28,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-dev.git;branch=${KBRANCH};name
 SRCREV_machine ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 SRCREV_meta ?= '${@oe.utils.conditional("PREFERRED_PROVIDER_virtual/kernel", "linux-yocto-dev", "${AUTOREV}", "29594404d7fe73cd80eaa4ee8c43dcc53970c60e", d)}'
 
-LINUX_VERSION ?= "6.17"
+LINUX_VERSION ?= "6.18"
 LINUX_VERSION_EXTENSION ?= "-yoctodev-${LINUX_KERNEL_TYPE}"
 PV = "${LINUX_VERSION}+git"
 
-- 
2.39.2