diff options
author | Yoann Congal <yoann.congal@smile.fr> | 2023-04-06 16:19:23 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-04-07 15:14:15 +0100 |
commit | 39274240b7756f498507b229d5f3461c207f1823 (patch) | |
tree | d7b7e8ca4012bdf9077f3f333e567825c428d993 | |
parent | 990d1cbb1628577bd159e8266fa15976f1f17062 (diff) | |
download | openembedded-core-contrib-39274240b7756f498507b229d5f3461c207f1823.tar.gz |
cve-extra-exclusion: ignore disputed CVE-2023-23005
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Frank WOLFF <frank.wolff@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/cve-extra-exclusions.inc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc index 0b89598501..439d569f7d 100644 --- a/meta/conf/distro/include/cve-extra-exclusions.inc +++ b/meta/conf/distro/include/cve-extra-exclusions.inc @@ -485,6 +485,16 @@ CVE_CHECK_IGNORE += "CVE-2023-1281" # Backported in version v6.1.13 747ca7c8a0c7bce004709143d1cd6596b79b1deb CVE_CHECK_IGNORE += "CVE-2023-1513" +# https://nvd.nist.gov/vuln/detail/CVE-2023-23005 +# Introduced in version v6.1 7b88bda3761b95856cf97822efe8281c8100067b +# Patched in kernel since v6.2 4a625ceee8a0ab0273534cb6b432ce6b331db5ee +# But, the CVE is disputed: +# > NOTE: this is disputed by third parties because there are no realistic cases +# > in which a user can cause the alloc_memory_type error case to be reached. +# See: https://bugzilla.suse.com/show_bug.cgi?id=1208844#c2 +# We can safely ignore it. +CVE_CHECK_IGNORE += "CVE-2023-23005" + # https://nvd.nist.gov/vuln/detail/CVE-2023-28466 # Introduced in version v4.13 3c4d7559159bfe1e3b94df3a657b2cda3a34e218 # Patched in kernel since v6.3-rc2 49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 |