[OE-core] [PATCH] cve-exclusions: Document some further linux-yocto CVE statuses

Richard Purdie Fri, 07 Apr 2023 03:58:48 -0700

Add some information about some further kernel CVEs which don't apply for
either linux-yocto or don't apply for linux-yocto 6.1.


Signed-off-by: Richard Purdie <[email protected]>
---
 meta/conf/distro/include/cve-extra-exclusions.inc |  7 +++++++
 meta/recipes-kernel/linux/cve-exclusion_6.1.inc   | 13 +++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc 
b/meta/conf/distro/include/cve-extra-exclusions.inc
index 0b895985015..76dab1d630a 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -438,6 +438,13 @@ CVE_CHECK_IGNORE += "CVE-2023-1073"
 # Backported in version 6.1.9 9f08bb650078dca24a13fea1c375358ed6292df3
 CVE_CHECK_IGNORE += "CVE-2023-1074"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1076
+CVE-2023-1076: linux-yocto 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1076 *
+# Patched in kernel v6.3 a096ccca6e503a5c575717ff8a36ace27510ab0a
+# Backported in version 6.1.16 b4ada752eaf1341f47bfa3d8ada377eca75a8d44
+# Backported in version 5.15.99 67f9f02928a34aad0a2c11dab5eea269f5ecf427
+CVE_CHECK_IGNORE += "CVE-2023-1076"
+
 # https://nvd.nist.gov/vuln/detail/CVE-2023-1077
 # Patched in kernel 6.3rc1 7c4a5b89a0b5a57a64b601775b296abf77a9fe97
 # Backported in version 5.15.99 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc 
b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
index ec7ff9c1a7b..b74e9675e15 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.1.inc
@@ -13,3 +13,16 @@ CVE_CHECK_IGNORE += "CVE-2022-3566"
 # Patched in kernel since v6.1 364f997b5cfe1db0d63a390fe7c801fa2b3115f6
 CVE_CHECK_IGNORE += "CVE-2022-3567"
 
+# https://nvd.nist.gov/vuln/detail/CVE-2022-38457
+# https://nvd.nist.gov/vuln/detail/CVE-2022-40133
+# Patched in kernel v6.2 a309c7194e8a2f8bd4539b9449917913f6c2cd50
+# Patched in kernel 6.1.7 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a
+CVE_CHECK_IGNORE += "CVE-2023-38457 CVE-2022-40133"
+
+# https://nvd.nist.gov/vuln/detail/CVE-2023-1075
+# Introduced in v4.20 a42055e8d2c30d4decfc13ce943d09c7b9dad221
+# Patched in kernel v6.2 ffe2a22562444720b05bdfeb999c03e810d84cbb
+# Backported in version 6.1.11 37c0cdf7e4919e5f76381ac60817b67bcbdacb50
+# 5.15 still has issue, include/net/tls.h:is_tx_ready() would need patch
+CVE_CHECK_IGNORE += "CVE-2023-1075"
+
-- 
2.39.2

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#179817): 
https://lists.openembedded.org/g/openembedded-core/message/179817
Mute This Topic: https://lists.openembedded.org/mt/98122403/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core] [PATCH] cve-exclusions: Document some further linux-yocto CVE statuses

Reply via email to