mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-02 01:19:52 +00:00
Code Issues Projects Releases Wiki Activity

improve_kernel_cve_report: do not override backported-patch

Browse Source 
If the user has a CVE_STATUS for their own backported patch,
the backport takes priority over upstream vulnerable versions.

(From OE-Core rev: d317e2a52bd29a772de9bcd751f5b0e03277bd77)

Signed-off-by: Daniel Turull <daniel.turull@ericsson.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0beef05be119ea465ba06553a42edea03dfc9fd3)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Daniel Turull
2026-03-09 02:16:21 -07:00
committed by Paul Barker
parent f7363369bf
commit eb31e34477
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/contrib/improve_kernel_cve_report.py
+4
View File
@@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry):
if cve_data[cve]['status'] == entry['status']: if cve_data[cve]['status'] == entry['status']:
return return
if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched": if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":
# Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch)
# has priority over unpatch from CNA
if cve_data[cve]['detail'] == "backported-patch":
return
logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve) logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)
cve_data[cve] = copy_data(cve_data[cve], entry) cve_data[cve] = copy_data(cve_data[cve], entry)
return return