1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

cve-extra-exclusions: ignore inapplicable linux-yocto CVEs

Multiple CVEs are patched in kernel but appear as active because the NVD
database is not up to date.

In common file cve-extra-exclusion.inc, CVEs are ignored if and only if
all versions of kernel used are patched.

In cve-exclusion_6.1.inc, only ignore CVEs that are patched in v6.1,
and not patched in v5.15.
Recipes of version 6.1 should include this file.

Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 5feb065f1b1aaf218f71cc9d31a9251b139b9442)

Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Geoffrey GIRY
2023-04-05 12:34:54 +02:00
committed by Richard Purdie
parent 0e5bdb623b
commit b8bfd3b01b
5 changed files with 74 additions and 3 deletions
@@ -2,6 +2,9 @@ KBRANCH ?= "v6.1/standard/base"
require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.1.inc
# board specific branches
KBRANCH:qemuarm ?= "v6.1/standard/arm-versatile-926ejs"
KBRANCH:qemuarm64 ?= "v6.1/standard/qemuarm64"