diff options
| author |   Ross Burton <ross.burton@arm.com> | 2023-08-07 15:45:17 +0100 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-08-09 21:46:37 +0100 |
| commit | d8656d9d4dfcaef6b492f5bf4cb003f16d7a3a4b (patch) | |
| tree | b7a1882d6fbf318dc37f6a487a4c997681bbedd1 | |
| parent | 26df3c30a7dfed79b7b8c724eb1ef03e463b79b4 (diff) | |
| download | openembedded-core-contrib-d8656d9d4dfcaef6b492f5bf4cb003f16d7a3a4b.tar.gz | |
linux-yocto: extract generic kernel CVE_STATUS
Some of the CVE_STATUS assignments are not specific to the version, so
move them to an unversioned file and include it in the recipes.
For example: some CVEs are disputed, or are specific to other
distributions.
Signed-off-by: Ross Burton <ross.burton@arm.com>
| -rw-r--r-- | meta/recipes-kernel/linux/cve-exclusion.inc | 10 | ||||
| -rw-r--r-- | meta/recipes-kernel/linux/linux-yocto_6.1.bb | 1 | ||||
| -rw-r--r-- | meta/recipes-kernel/linux/linux-yocto_6.4.bb | 1 |
3 files changed, 12 insertions, 0 deletions
diff --git a/meta/recipes-kernel/linux/cve-exclusion.inc b/meta/recipes-kernel/linux/cve-exclusion.inc new file mode 100644 index 0000000000..42f1c195c9 --- /dev/null +++ b/meta/recipes-kernel/linux/cve-exclusion.inc @@ -0,0 +1,10 @@ +CVE_STATUS[CVE-2018-6559] = "not-applicable-platform: Issue only affects Ubuntu" + +CVE_STATUS[CVE-2020-11935] = "not-applicable-config: Issue only affects aufs, which is not in linux-yocto" + +# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b +# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee +# But, the CVE is disputed: +CVE_STATUS[CVE-2023-23005] = "disputed: There are no realistic cases \ +in which a user can cause the alloc_memory_type error case to be reached. \ +See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2" diff --git a/meta/recipes-kernel/linux/linux-yocto_6.1.bb b/meta/recipes-kernel/linux/linux-yocto_6.1.bb index cf8728ca15..2f804d379d 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.1.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.1.bb @@ -3,6 +3,7 @@ KBRANCH ?= "v6.1/standard/base" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.1.inc # board specific branches diff --git a/meta/recipes-kernel/linux/linux-yocto_6.4.bb b/meta/recipes-kernel/linux/linux-yocto_6.4.bb index 4deb7bc537..caa78b0163 100644 --- a/meta/recipes-kernel/linux/linux-yocto_6.4.bb +++ b/meta/recipes-kernel/linux/linux-yocto_6.4.bb @@ -3,6 +3,7 @@ KBRANCH ?= "v6.4/standard/base" require recipes-kernel/linux/linux-yocto.inc # CVE exclusions +include recipes-kernel/linux/cve-exclusion.inc include recipes-kernel/linux/cve-exclusion_6.4.inc # board specific branches |