CVE Status
From Yocto Project
Jump to navigationJump to search
This is a list of CVEs which are currently being reported as open, and the current state.
CVE-2022-3219 (gnupg)
Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.
CVE-2022-33065 (libsndfile1)
Integer overflow, still open upstream.
CVE-2022-46456 (nasm)
Buffer overflow, still open upstream.
CVE-2023-0687 (glibc)
Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.
CVE-2023-37769 (pixman)
Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.
CVE-2023-1386 (qemu)
Still open upstream.
CVE-2023-3019 (qemu)
Linked patches need rebasing and review.
CVE-2023-3180 (qemu)
Fixed in 8.1.0.
CVE-2023-3354 (qemu)
Fixed in 8.1.0.
CVE-2023-40360 (qemu)
Fixed in 8.1.0.
CVE-2023-4135 (qemu)
Fixed in 8.1.0.