* CVE's for linux-yocto
@ 2021-02-16 18:23 Steve Sakoman
2021-02-16 19:02 ` [OE-core] " akuster
2021-02-18 8:22 ` Mikko Rapeli
0 siblings, 2 replies; 4+ messages in thread
From: Steve Sakoman @ 2021-02-16 18:23 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer
The weekly cve reports for master, gatesgarth, and dunfell currently
omit linux-yocto since the CPE database for the kernel is notoriously
incomplete in versioning information.
This morning at the YP technical team meeting we discussed this and
decided to see if we might, as a team, expend some effort to update
the CPE database to improve this situation (much as we have been doing
for the other packages in oe-core)
The first step in this process is to shine some light on the current
situation, so below is a list of the current CVE hits for linux-yocto
in all three branches.
Steve
CVE list for linux-yocto master branch
CVE-1999-0524: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
CVE-1999-0656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
CVE-2006-2932: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
CVE-2007-2764: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
CVE-2007-4998: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
CVE-2008-4609: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
CVE-2010-0298: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
CVE-2010-4563: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
CVE-2011-0640: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
CVE-2014-2648: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
CVE-2014-8171: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
CVE-2016-0774: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
CVE-2016-3695: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
CVE-2016-3699: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
CVE-2017-1000255: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
CVE-2017-1000377: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
CVE-2017-5897: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
CVE-2017-6264: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
CVE-2018-1000026: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
CVE-2018-10840: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
CVE-2018-10876: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
CVE-2018-10882: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
CVE-2018-10901: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
CVE-2018-10902: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
CVE-2018-14625: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
CVE-2018-16880: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
CVE-2018-16884: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
CVE-2018-5873: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
CVE-2018-6559: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
CVE-2019-10126: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
CVE-2019-14899: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2019-3016: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
CVE-2019-3819: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
CVE-2019-3846: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
CVE-2019-3887: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
CVE-2020-10732: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
CVE-2020-16119: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
CVE-2020-1749: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
CVE-2020-8834: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
CVE-2021-26708: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
CVE-2021-3348: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
CVE list for linux-yocto gatesgarth
CVE-1999-0524: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
CVE-1999-0656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
CVE-2006-2932: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
CVE-2007-2764: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
CVE-2007-4998: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
CVE-2008-4609: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
CVE-2010-0298: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
CVE-2010-4563: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
CVE-2011-0640: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
CVE-2014-2648: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
CVE-2014-8171: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
CVE-2016-0774: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
CVE-2016-3695: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
CVE-2016-3699: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
CVE-2017-1000255: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
CVE-2017-1000377: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
CVE-2017-5897: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
CVE-2017-6264: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
CVE-2018-1000026: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
CVE-2018-10840: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
CVE-2018-10876: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
CVE-2018-10882: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
CVE-2018-10901: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
CVE-2018-10902: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
CVE-2018-14625: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
CVE-2018-16880: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
CVE-2018-16884: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
CVE-2018-5873: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
CVE-2018-6559: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
CVE-2019-10126: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
CVE-2019-14899: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2019-3016: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
CVE-2019-3819: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
CVE-2019-3846: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
CVE-2019-3887: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
CVE-2020-10732: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
CVE-2020-14385: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
CVE-2020-14386: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
CVE-2020-14390: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
CVE-2020-16119: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
CVE-2020-1749: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
CVE-2020-25645: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
CVE-2020-25656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
CVE-2020-25704: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
CVE-2020-25705: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
CVE-2020-27152: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
CVE-2020-27673: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
CVE-2020-27675: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
CVE-2020-27777: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
CVE-2020-28374: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
CVE-2020-28941: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
CVE-2020-28974: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
CVE-2020-29534: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
CVE-2020-29569: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
CVE-2020-29660: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
CVE-2020-29661: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
CVE-2020-36158: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
CVE-2020-8834: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
CVE-2021-26708: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
CVE-2021-3178: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
CVE-2021-3347: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
CVE-2021-3348: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
CVE list for linux-yocto dunfell branch
CVE-1999-0524: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
CVE-1999-0656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
CVE-2006-2932: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
CVE-2007-2764: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
CVE-2007-4998: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
CVE-2008-4609: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
CVE-2010-0298: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
CVE-2010-4563: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
CVE-2011-0640: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
CVE-2014-2648: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
CVE-2014-8171: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
CVE-2016-0774: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
CVE-2016-3695: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
CVE-2016-3699: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
CVE-2017-1000255: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
CVE-2017-1000377: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
CVE-2017-5897: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
CVE-2017-6264: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
CVE-2018-1000026: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
CVE-2018-10840: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
CVE-2018-10876: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
CVE-2018-10882: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
CVE-2018-10901: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
CVE-2018-10902: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
CVE-2018-14625: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
CVE-2018-16880: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
CVE-2018-16884: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
CVE-2018-5873: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
CVE-2018-6559: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
CVE-2019-10126: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
CVE-2019-14899: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2019-19338: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19338 *
CVE-2019-20794: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20794 *
CVE-2019-20810: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20810 *
CVE-2019-3016: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
CVE-2019-3819: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
CVE-2019-3846: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
CVE-2019-3887: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
CVE-2020-10690: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10690 *
CVE-2020-10711: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10711 *
CVE-2020-10732: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
CVE-2020-10757: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10757 *
CVE-2020-10766: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10766 *
CVE-2020-10767: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10767 *
CVE-2020-10768: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10768 *
CVE-2020-10781: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10781 *
CVE-2020-10942: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10942 *
CVE-2020-11494: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11494 *
CVE-2020-11565: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11565 *
CVE-2020-11608: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11608 *
CVE-2020-11609: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11609 *
CVE-2020-11668: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11668 *
CVE-2020-11725: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11725 *
CVE-2020-11884: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11884 *
CVE-2020-12464: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12464 *
CVE-2020-12465: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12465 *
CVE-2020-12653: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12653 *
CVE-2020-12654: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12654 *
CVE-2020-12655: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12655 *
CVE-2020-12656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12656 *
CVE-2020-12657: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12657 *
CVE-2020-12659: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12659 *
CVE-2020-12768: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12768 *
CVE-2020-12770: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12770 *
CVE-2020-12771: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12771 *
CVE-2020-12826: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12826 *
CVE-2020-12888: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12888 *
CVE-2020-13143: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13143 *
CVE-2020-13974: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13974 *
CVE-2020-14314: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14314 *
CVE-2020-14331: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14331 *
CVE-2020-14351: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14351 *
CVE-2020-14356: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14356 *
CVE-2020-14381: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14381 *
CVE-2020-14385: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
CVE-2020-14386: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
CVE-2020-14390: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
CVE-2020-15393: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15393 *
CVE-2020-15436: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15436 *
CVE-2020-15437: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15437 *
CVE-2020-15780: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15780 *
CVE-2020-16119: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
CVE-2020-16166: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16166 *
CVE-2020-1749: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
CVE-2020-24394: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24394 *
CVE-2020-25211: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211 *
CVE-2020-25212: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25212 *
CVE-2020-25284: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25284 *
CVE-2020-25285: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25285 *
CVE-2020-25641: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25641 *
CVE-2020-25643: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25643 *
CVE-2020-25645: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
CVE-2020-25656: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
CVE-2020-25704: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
CVE-2020-25705: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
CVE-2020-26088: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26088 *
CVE-2020-26541: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26541 *
CVE-2020-27152: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
CVE-2020-27194: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194 *
CVE-2020-27673: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
CVE-2020-27675: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
CVE-2020-27777: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
CVE-2020-28374: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
CVE-2020-28915: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28915 *
CVE-2020-28941: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
CVE-2020-28974: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
CVE-2020-29368: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29368 *
CVE-2020-29369: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29369 *
CVE-2020-29370: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29370 *
CVE-2020-29371: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29371 *
CVE-2020-29372: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29372 *
CVE-2020-29373: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29373 *
CVE-2020-29374: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29374 *
CVE-2020-29534: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
CVE-2020-29569: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
CVE-2020-29660: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
CVE-2020-29661: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
CVE-2020-36158: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
CVE-2020-8428: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8428 *
CVE-2020-8647: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8647 *
CVE-2020-8648: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8648 *
CVE-2020-8649: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8649 *
CVE-2020-8834: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
CVE-2020-8992: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8992 *
CVE-2020-9383: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9383 *
CVE-2021-26708: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
CVE-2021-3178: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
CVE-2021-3347: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
CVE-2021-3348: linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] CVE's for linux-yocto
2021-02-16 18:23 CVE's for linux-yocto Steve Sakoman
@ 2021-02-16 19:02 ` akuster
2021-02-16 19:49 ` Steve Sakoman
2021-02-18 8:22 ` Mikko Rapeli
1 sibling, 1 reply; 4+ messages in thread
From: akuster @ 2021-02-16 19:02 UTC (permalink / raw)
To: Steve Sakoman, Patches and discussions about the oe-core layer
On 2/16/21 10:23 AM, Steve Sakoman wrote:
> The weekly cve reports for master, gatesgarth, and dunfell currently
> omit linux-yocto since the CPE database for the kernel is notoriously
> incomplete in versioning information.
>
> This morning at the YP technical team meeting we discussed this and
> decided to see if we might, as a team, expend some effort to update
> the CPE database to improve this situation (much as we have been doing
> for the other packages in oe-core)
>
> The first step in this process is to shine some light on the current
> situation, so below is a list of the current CVE hits for linux-yocto
> in all three branches.
Thanks Steve.
What kernel versions are these for?
- armin
>
> Steve
>
> CVE list for linux-yocto master branch
>
> CVE-1999-0524: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> CVE-1999-0656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> CVE-2006-2932: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> CVE-2007-2764: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> CVE-2007-4998: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> CVE-2008-4609: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> CVE-2010-0298: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> CVE-2010-4563: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> CVE-2011-0640: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> CVE-2014-2648: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> CVE-2014-8171: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> CVE-2016-0774: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> CVE-2016-3695: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> CVE-2016-3699: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> CVE-2017-1000255: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> CVE-2017-1000377: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> CVE-2017-5897: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> CVE-2017-6264: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> CVE-2018-1000026: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> CVE-2018-10840: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> CVE-2018-10876: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> CVE-2018-10882: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> CVE-2018-10901: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> CVE-2018-10902: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> CVE-2018-14625: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> CVE-2018-16880: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> CVE-2018-16884: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> CVE-2018-5873: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> CVE-2018-6559: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> CVE-2019-10126: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> CVE-2019-14899: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> CVE-2019-3016: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> CVE-2019-3819: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> CVE-2019-3846: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> CVE-2019-3887: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> CVE-2020-10732: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> CVE-2020-16119: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> CVE-2020-1749: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> CVE-2020-8834: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> CVE-2021-26708: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> CVE-2021-3348: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
>
> CVE list for linux-yocto gatesgarth
>
> CVE-1999-0524: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> CVE-1999-0656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> CVE-2006-2932: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> CVE-2007-2764: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> CVE-2007-4998: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> CVE-2008-4609: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> CVE-2010-0298: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> CVE-2010-4563: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> CVE-2011-0640: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> CVE-2014-2648: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> CVE-2014-8171: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> CVE-2016-0774: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> CVE-2016-3695: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> CVE-2016-3699: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> CVE-2017-1000255: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> CVE-2017-1000377: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> CVE-2017-5897: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> CVE-2017-6264: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> CVE-2018-1000026: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> CVE-2018-10840: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> CVE-2018-10876: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> CVE-2018-10882: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> CVE-2018-10901: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> CVE-2018-10902: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> CVE-2018-14625: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> CVE-2018-16880: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> CVE-2018-16884: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> CVE-2018-5873: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> CVE-2018-6559: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> CVE-2019-10126: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> CVE-2019-14899: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> CVE-2019-3016: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> CVE-2019-3819: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> CVE-2019-3846: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> CVE-2019-3887: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> CVE-2020-10732: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> CVE-2020-14385: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
> CVE-2020-14386: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
> CVE-2020-14390: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
> CVE-2020-16119: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> CVE-2020-1749: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> CVE-2020-25645: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
> CVE-2020-25656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
> CVE-2020-25704: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
> CVE-2020-25705: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
> CVE-2020-27152: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
> CVE-2020-27673: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
> CVE-2020-27675: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
> CVE-2020-27777: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
> CVE-2020-28374: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
> CVE-2020-28941: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
> CVE-2020-28974: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
> CVE-2020-29534: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
> CVE-2020-29569: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
> CVE-2020-29660: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
> CVE-2020-29661: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
> CVE-2020-36158: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
> CVE-2020-8834: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> CVE-2021-26708: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> CVE-2021-3178: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
> CVE-2021-3347: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
> CVE-2021-3348: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
>
> CVE list for linux-yocto dunfell branch
>
> CVE-1999-0524: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> CVE-1999-0656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> CVE-2006-2932: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> CVE-2007-2764: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> CVE-2007-4998: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> CVE-2008-4609: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> CVE-2010-0298: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> CVE-2010-4563: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> CVE-2011-0640: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> CVE-2014-2648: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> CVE-2014-8171: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> CVE-2016-0774: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> CVE-2016-3695: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> CVE-2016-3699: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> CVE-2017-1000255: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> CVE-2017-1000377: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> CVE-2017-5897: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> CVE-2017-6264: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> CVE-2018-1000026: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> CVE-2018-10840: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> CVE-2018-10876: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> CVE-2018-10882: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> CVE-2018-10901: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> CVE-2018-10902: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> CVE-2018-14625: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> CVE-2018-16880: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> CVE-2018-16884: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> CVE-2018-5873: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> CVE-2018-6559: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> CVE-2019-10126: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> CVE-2019-14899: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> CVE-2019-19338: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19338 *
> CVE-2019-20794: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20794 *
> CVE-2019-20810: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20810 *
> CVE-2019-3016: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> CVE-2019-3819: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> CVE-2019-3846: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> CVE-2019-3887: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> CVE-2020-10690: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10690 *
> CVE-2020-10711: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10711 *
> CVE-2020-10732: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> CVE-2020-10757: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10757 *
> CVE-2020-10766: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10766 *
> CVE-2020-10767: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10767 *
> CVE-2020-10768: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10768 *
> CVE-2020-10781: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10781 *
> CVE-2020-10942: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10942 *
> CVE-2020-11494: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11494 *
> CVE-2020-11565: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11565 *
> CVE-2020-11608: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11608 *
> CVE-2020-11609: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11609 *
> CVE-2020-11668: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11668 *
> CVE-2020-11725: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11725 *
> CVE-2020-11884: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11884 *
> CVE-2020-12464: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12464 *
> CVE-2020-12465: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12465 *
> CVE-2020-12653: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12653 *
> CVE-2020-12654: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12654 *
> CVE-2020-12655: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12655 *
> CVE-2020-12656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12656 *
> CVE-2020-12657: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12657 *
> CVE-2020-12659: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12659 *
> CVE-2020-12768: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12768 *
> CVE-2020-12770: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12770 *
> CVE-2020-12771: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12771 *
> CVE-2020-12826: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12826 *
> CVE-2020-12888: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12888 *
> CVE-2020-13143: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13143 *
> CVE-2020-13974: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13974 *
> CVE-2020-14314: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14314 *
> CVE-2020-14331: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14331 *
> CVE-2020-14351: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14351 *
> CVE-2020-14356: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14356 *
> CVE-2020-14381: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14381 *
> CVE-2020-14385: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
> CVE-2020-14386: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
> CVE-2020-14390: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
> CVE-2020-15393: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15393 *
> CVE-2020-15436: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15436 *
> CVE-2020-15437: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15437 *
> CVE-2020-15780: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15780 *
> CVE-2020-16119: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> CVE-2020-16166: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16166 *
> CVE-2020-1749: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> CVE-2020-24394: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24394 *
> CVE-2020-25211: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211 *
> CVE-2020-25212: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25212 *
> CVE-2020-25284: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25284 *
> CVE-2020-25285: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25285 *
> CVE-2020-25641: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25641 *
> CVE-2020-25643: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25643 *
> CVE-2020-25645: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
> CVE-2020-25656: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
> CVE-2020-25704: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
> CVE-2020-25705: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
> CVE-2020-26088: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26088 *
> CVE-2020-26541: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26541 *
> CVE-2020-27152: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
> CVE-2020-27194: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194 *
> CVE-2020-27673: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
> CVE-2020-27675: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
> CVE-2020-27777: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
> CVE-2020-28374: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
> CVE-2020-28915: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28915 *
> CVE-2020-28941: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
> CVE-2020-28974: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
> CVE-2020-29368: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29368 *
> CVE-2020-29369: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29369 *
> CVE-2020-29370: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29370 *
> CVE-2020-29371: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29371 *
> CVE-2020-29372: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29372 *
> CVE-2020-29373: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29373 *
> CVE-2020-29374: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29374 *
> CVE-2020-29534: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
> CVE-2020-29569: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
> CVE-2020-29660: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
> CVE-2020-29661: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
> CVE-2020-36158: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
> CVE-2020-8428: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8428 *
> CVE-2020-8647: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8647 *
> CVE-2020-8648: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8648 *
> CVE-2020-8649: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8649 *
> CVE-2020-8834: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> CVE-2020-8992: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8992 *
> CVE-2020-9383: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9383 *
> CVE-2021-26708: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> CVE-2021-3178: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
> CVE-2021-3347: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
> CVE-2021-3348: linux-yocto
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] CVE's for linux-yocto
2021-02-16 19:02 ` [OE-core] " akuster
@ 2021-02-16 19:49 ` Steve Sakoman
0 siblings, 0 replies; 4+ messages in thread
From: Steve Sakoman @ 2021-02-16 19:49 UTC (permalink / raw)
To: akuster808; +Cc: Patches and discussions about the oe-core layer
On Tue, Feb 16, 2021 at 9:02 AM akuster808 <akuster808@gmail.com> wrote:
>
>
>
> On 2/16/21 10:23 AM, Steve Sakoman wrote:
> > The weekly cve reports for master, gatesgarth, and dunfell currently
> > omit linux-yocto since the CPE database for the kernel is notoriously
> > incomplete in versioning information.
> >
> > This morning at the YP technical team meeting we discussed this and
> > decided to see if we might, as a team, expend some effort to update
> > the CPE database to improve this situation (much as we have been doing
> > for the other packages in oe-core)
> >
> > The first step in this process is to shine some light on the current
> > situation, so below is a list of the current CVE hits for linux-yocto
> > in all three branches.
>
> Thanks Steve.
> What kernel versions are these for?
Basically whatever is the current linux-yocto version for the default
machine in each branch, since I don't change the default local.conf
I know dunfell is at 5.4, I believe gatesgarth is on 5.8, and I'm not
sure about master.
Steve
> - armin
> >
> > Steve
> >
> > CVE list for linux-yocto master branch
> >
> > CVE-1999-0524: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> > CVE-1999-0656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> > CVE-2006-2932: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> > CVE-2007-2764: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> > CVE-2007-4998: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> > CVE-2008-4609: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> > CVE-2010-0298: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> > CVE-2010-4563: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> > CVE-2011-0640: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> > CVE-2014-2648: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> > CVE-2014-8171: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> > CVE-2016-0774: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> > CVE-2016-3695: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> > CVE-2016-3699: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> > CVE-2017-1000255: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> > CVE-2017-1000377: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> > CVE-2017-5897: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> > CVE-2017-6264: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> > CVE-2018-1000026: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> > CVE-2018-10840: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> > CVE-2018-10876: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> > CVE-2018-10882: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> > CVE-2018-10901: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> > CVE-2018-10902: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> > CVE-2018-14625: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> > CVE-2018-16880: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> > CVE-2018-16884: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> > CVE-2018-5873: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> > CVE-2018-6559: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> > CVE-2019-10126: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> > CVE-2019-14899: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> > CVE-2019-3016: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> > CVE-2019-3819: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> > CVE-2019-3846: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> > CVE-2019-3887: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> > CVE-2020-10732: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> > CVE-2020-16119: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> > CVE-2020-1749: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> > CVE-2020-8834: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> > CVE-2021-26708: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> > CVE-2021-3348: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
> >
> > CVE list for linux-yocto gatesgarth
> >
> > CVE-1999-0524: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> > CVE-1999-0656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> > CVE-2006-2932: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> > CVE-2007-2764: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> > CVE-2007-4998: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> > CVE-2008-4609: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> > CVE-2010-0298: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> > CVE-2010-4563: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> > CVE-2011-0640: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> > CVE-2014-2648: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> > CVE-2014-8171: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> > CVE-2016-0774: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> > CVE-2016-3695: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> > CVE-2016-3699: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> > CVE-2017-1000255: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> > CVE-2017-1000377: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> > CVE-2017-5897: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> > CVE-2017-6264: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> > CVE-2018-1000026: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> > CVE-2018-10840: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> > CVE-2018-10876: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> > CVE-2018-10882: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> > CVE-2018-10901: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> > CVE-2018-10902: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> > CVE-2018-14625: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> > CVE-2018-16880: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> > CVE-2018-16884: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> > CVE-2018-5873: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> > CVE-2018-6559: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> > CVE-2019-10126: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> > CVE-2019-14899: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> > CVE-2019-3016: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> > CVE-2019-3819: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> > CVE-2019-3846: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> > CVE-2019-3887: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> > CVE-2020-10732: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> > CVE-2020-14385: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
> > CVE-2020-14386: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
> > CVE-2020-14390: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
> > CVE-2020-16119: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> > CVE-2020-1749: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> > CVE-2020-25645: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
> > CVE-2020-25656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
> > CVE-2020-25704: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
> > CVE-2020-25705: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
> > CVE-2020-27152: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
> > CVE-2020-27673: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
> > CVE-2020-27675: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
> > CVE-2020-27777: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
> > CVE-2020-28374: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
> > CVE-2020-28941: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
> > CVE-2020-28974: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
> > CVE-2020-29534: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
> > CVE-2020-29569: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
> > CVE-2020-29660: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
> > CVE-2020-29661: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
> > CVE-2020-36158: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
> > CVE-2020-8834: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> > CVE-2021-26708: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> > CVE-2021-3178: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
> > CVE-2021-3347: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
> > CVE-2021-3348: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
> >
> > CVE list for linux-yocto dunfell branch
> >
> > CVE-1999-0524: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524 *
> > CVE-1999-0656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0656 *
> > CVE-2006-2932: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2932 *
> > CVE-2007-2764: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2764 *
> > CVE-2007-4998: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4998 *
> > CVE-2008-4609: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609 *
> > CVE-2010-0298: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0298 *
> > CVE-2010-4563: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4563 *
> > CVE-2011-0640: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0640 *
> > CVE-2014-2648: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2648 *
> > CVE-2014-8171: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8171 *
> > CVE-2016-0774: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774 *
> > CVE-2016-3695: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3695 *
> > CVE-2016-3699: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3699 *
> > CVE-2017-1000255: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000255 *
> > CVE-2017-1000377: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000377 *
> > CVE-2017-5897: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5897 *
> > CVE-2017-6264: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6264 *
> > CVE-2018-1000026: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000026 *
> > CVE-2018-10840: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10840 *
> > CVE-2018-10876: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10876 *
> > CVE-2018-10882: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10882 *
> > CVE-2018-10901: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10901 *
> > CVE-2018-10902: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10902 *
> > CVE-2018-14625: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14625 *
> > CVE-2018-16880: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16880 *
> > CVE-2018-16884: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16884 *
> > CVE-2018-5873: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5873 *
> > CVE-2018-6559: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6559 *
> > CVE-2019-10126: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10126 *
> > CVE-2019-14899: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
> > CVE-2019-19338: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19338 *
> > CVE-2019-20794: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20794 *
> > CVE-2019-20810: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20810 *
> > CVE-2019-3016: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3016 *
> > CVE-2019-3819: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819 *
> > CVE-2019-3846: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3846 *
> > CVE-2019-3887: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3887 *
> > CVE-2020-10690: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10690 *
> > CVE-2020-10711: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10711 *
> > CVE-2020-10732: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10732 *
> > CVE-2020-10757: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10757 *
> > CVE-2020-10766: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10766 *
> > CVE-2020-10767: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10767 *
> > CVE-2020-10768: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10768 *
> > CVE-2020-10781: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10781 *
> > CVE-2020-10942: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10942 *
> > CVE-2020-11494: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11494 *
> > CVE-2020-11565: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11565 *
> > CVE-2020-11608: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11608 *
> > CVE-2020-11609: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11609 *
> > CVE-2020-11668: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11668 *
> > CVE-2020-11725: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11725 *
> > CVE-2020-11884: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11884 *
> > CVE-2020-12464: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12464 *
> > CVE-2020-12465: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12465 *
> > CVE-2020-12653: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12653 *
> > CVE-2020-12654: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12654 *
> > CVE-2020-12655: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12655 *
> > CVE-2020-12656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12656 *
> > CVE-2020-12657: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12657 *
> > CVE-2020-12659: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12659 *
> > CVE-2020-12768: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12768 *
> > CVE-2020-12770: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12770 *
> > CVE-2020-12771: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12771 *
> > CVE-2020-12826: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12826 *
> > CVE-2020-12888: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12888 *
> > CVE-2020-13143: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13143 *
> > CVE-2020-13974: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13974 *
> > CVE-2020-14314: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14314 *
> > CVE-2020-14331: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14331 *
> > CVE-2020-14351: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14351 *
> > CVE-2020-14356: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14356 *
> > CVE-2020-14381: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14381 *
> > CVE-2020-14385: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14385 *
> > CVE-2020-14386: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14386 *
> > CVE-2020-14390: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14390 *
> > CVE-2020-15393: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15393 *
> > CVE-2020-15436: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15436 *
> > CVE-2020-15437: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15437 *
> > CVE-2020-15780: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15780 *
> > CVE-2020-16119: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16119 *
> > CVE-2020-16166: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16166 *
> > CVE-2020-1749: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1749 *
> > CVE-2020-24394: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24394 *
> > CVE-2020-25211: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25211 *
> > CVE-2020-25212: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25212 *
> > CVE-2020-25284: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25284 *
> > CVE-2020-25285: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25285 *
> > CVE-2020-25641: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25641 *
> > CVE-2020-25643: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25643 *
> > CVE-2020-25645: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25645 *
> > CVE-2020-25656: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25656 *
> > CVE-2020-25704: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25704 *
> > CVE-2020-25705: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25705 *
> > CVE-2020-26088: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26088 *
> > CVE-2020-26541: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26541 *
> > CVE-2020-27152: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27152 *
> > CVE-2020-27194: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27194 *
> > CVE-2020-27673: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27673 *
> > CVE-2020-27675: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27675 *
> > CVE-2020-27777: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27777 *
> > CVE-2020-28374: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28374 *
> > CVE-2020-28915: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28915 *
> > CVE-2020-28941: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28941 *
> > CVE-2020-28974: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28974 *
> > CVE-2020-29368: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29368 *
> > CVE-2020-29369: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29369 *
> > CVE-2020-29370: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29370 *
> > CVE-2020-29371: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29371 *
> > CVE-2020-29372: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29372 *
> > CVE-2020-29373: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29373 *
> > CVE-2020-29374: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29374 *
> > CVE-2020-29534: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29534 *
> > CVE-2020-29569: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29569 *
> > CVE-2020-29660: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29660 *
> > CVE-2020-29661: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29661 *
> > CVE-2020-36158: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36158 *
> > CVE-2020-8428: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8428 *
> > CVE-2020-8647: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8647 *
> > CVE-2020-8648: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8648 *
> > CVE-2020-8649: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8649 *
> > CVE-2020-8834: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8834 *
> > CVE-2020-8992: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8992 *
> > CVE-2020-9383: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9383 *
> > CVE-2021-26708: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26708 *
> > CVE-2021-3178: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3178 *
> > CVE-2021-3347: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3347 *
> > CVE-2021-3348: linux-yocto
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3348 *
> >
> >
> >
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] CVE's for linux-yocto
2021-02-16 18:23 CVE's for linux-yocto Steve Sakoman
2021-02-16 19:02 ` [OE-core] " akuster
@ 2021-02-18 8:22 ` Mikko Rapeli
1 sibling, 0 replies; 4+ messages in thread
From: Mikko Rapeli @ 2021-02-18 8:22 UTC (permalink / raw)
To: steve; +Cc: openembedded-core
Hi,
On Tue, Feb 16, 2021 at 08:23:31AM -1000, Steve Sakoman wrote:
> The weekly cve reports for master, gatesgarth, and dunfell currently
> omit linux-yocto since the CPE database for the kernel is notoriously
> incomplete in versioning information.
>
> This morning at the YP technical team meeting we discussed this and
> decided to see if we might, as a team, expend some effort to update
> the CPE database to improve this situation (much as we have been doing
> for the other packages in oe-core)
>
> The first step in this process is to shine some light on the current
> situation, so below is a list of the current CVE hits for linux-yocto
> in all three branches.
Please check https://github.com/nluedtke/linux_kernel_cves
IMO, that information could be moved over to NVD and CPE, but AFAIK the
scripts which generate this git repo with data aren't public.
Another option would be to switch kernel CVE scans to use that git repo
to pull in data from kernel major version and which CVEs are fixed and
unfixed by given minor version release.
That is rather simple to do for anyone who has a bit of time. Though
as recommended by upstream developers, CVEs should never be patched
independently and instead upstream point releases should be merged into
product trees.
For example for dunfell linux-yocto version 5.4.87 and data from
https://github.com/nluedtke/linux_kernel_cves/blob/master/data/5.4/5.4_security.txt
shows that the list of fixed CVEs is between lines 1 and 297 (note
that 5.4.87 point release is missing from the list but previous and following
releases are there, not perfect but that's what it is).
Then the list of unfixed CVEs from newer point releases is:
CVEs fixed in 5.4.88:
CVE-2020-36158: 0a49aaf4df2936bca119ee38fe5a570a7024efdc mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVEs fixed in 5.4.89:
CVE-2020-28374: 485e21729b1e1235e6075318225c09e76b376e81 scsi: target: Fix XCOPY NAA identifier lookup
CVEs fixed in 5.4.92:
CVE-2021-3178: 4aef760c28e8bd1860a27fd78067b4ea77124987 nfsd4: readdirplus shouldn't return parent of export
CVEs fixed in 5.4.94:
CVE-2020-27825: b899d5b2a42a963d6ca7e33d51a35b2eb25f6d10 tracing: Fix race in trace_open and buffer resize call
CVE-2021-3347: 0dae88a92596db9405fd4a341c1915cf7d8fbad4 futex: Ensure the correct return value from futex_lock_pi()
CVEs fixed in 5.4.95:
CVE-2021-3348: 587c6b75d7fdd366ad7dc615471006ce73c03a51 nbd: freeze the queue while we're adding connections
CVEs fixed in 5.4.97:
CVE-2021-20194: 9146fffc5d2a3ec49906daf18d2e983d995b3521 bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
And list of CVEs for which no fix is available in 5.4 branch is the long list of outstanding
(all lines after "Outstanding CVEs") CVEs, some of which do not apply to 5.4 because buggy
code doesn't exist there, or no-one has yet backported the patches etc.
This same process could apply to any kernel major version for which data exists in this
git tree and if the database keeps seeing updates. I've been using this manually to
trigger updates and cross reference which point releases have fixes and I have not
yet found major bugs in the data. Though for updates, like I said, full merge or rebase
of the upstream kernel.org point releases must be done, as also Greg K-H. says.
Cheers,
-Mikko
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-18 8:22 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 18:23 CVE's for linux-yocto Steve Sakoman
2021-02-16 19:02 ` [OE-core] " akuster
2021-02-16 19:49 ` Steve Sakoman
2021-02-18 8:22 ` Mikko Rapeli
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.